table of contents
| NETSCRIPT(8) | System Manager's Manual | NETSCRIPT(8) |
NAME¶
netscript - netscript network configuration command
SYNOPSIS¶
netscript start|stop|reload|restart
netscript ipfilter load|clear|fairq|flush|reload|save
netscript ipfilter usebackup [ backup-number ]
netscript ipfilter exec
<function-name1>|<function-name2> [chain p1 p2 ...]
netscript ip6filter load|clear|fairq|flush|reload|save
netscript ip6filter usebackup [ backup-number ]
netscript ip6filter exec
<function-name1>|<function-name2> [chain p1 p2 ...]
DESCRIPTION¶
This manual page documents briefly the netscript command from the netscript router/firewall network configuration package.
This command is used to configure/reconfigure the iptables filter setup, that are configured in netscript's configuration files.
IPTABLES CONFIGURATION¶
Configuration saving is done by iptables-save(8) and iptables-restore(8).
OPTIONS¶
- start
- Set up networking configruation by loading ipcahins filters, setting up bridge, configuring interfaces and running any configured lower layer protocol daemons or commands. For use from a startup script.
- stop
- Shut everything down. For use from a startup script.
- reload
- Refresh the setup of netscript from the configuration files in /etc/netscript
- restart|force-reload
- Stop everything and then start everything again. For use from a startup script.
- ipfilter load|reload
- Load/reload the IPv4 iptables filters and reconfigure the firewalling, from that saved in /etc/netscript/iptables (via iptables-restore(8) ), and the QoS fair queuing setup.
- ipfilter save
- Save the IPv4 iptables configuration to /etc/netscript/iptables via iptables-save(8) , after backing it up to /etc/netscript/iptables.1 and cycling the previous backup files down through the configuration history.
- ipfilter usebackup [ backup-number ]
- Restore setup from the IPv4 iptables backup configuration from /etc/netscript/iptables.n ( default 1 ) via iptables-restore(8).
- ipfilter clear|flush
- Remove iptables and any firewall setup, and if IPV4_FWDING_KERNEL is set to FILTER_ON (see network.conf(5) ), disables all IPv4 packet forwarding on the router. Very useful for debugging protocol problems on a firewall by enabling a reasonably safe check to be made with the filtering down.
- ipfilter forward|fwd
- Turns on the IPv4 kernel forwarding switch manually. This is irrespective of the setting of IPV4_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will allow traffic through the box.
- ipfilter noforward|nofwd
- Turns off the IPv4 kernel forwarding switch manually. This is irrespective of the setting of IPV4_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will cut off reachability.
- ipfilter fairq
- Reload the IPv4 fairq chain that marks the packets for the QoS interface transmit queues.
- ip6filter load|reload
- Load/reload the IPv6 iptables filters and reconfigure the firewalling,
from that saved in /etc/netscript/ip6tables
(via ip6tables-restore(8) ), and the QoS fair queuing setup. - ip6filter save
- Save the IPv6 iptables configuration to /etc/netscript/iptables via ip6tables-save(8) , after backing it up to /etc/netscript/ip6tables.1 and cycling the previous backup files down through the configuration history.
- ip6filter usebackup [ backup-number ]
- Restore setup from the IPv6 iptables backup configuration from /etc/netscript/ip6tables.n ( default 1 ) via ip6tables-restore(8).
- ip6filter clear|flush
- Remove IPv6 iptables setup, and if IPV6_FWDING_KERNEL is set to FILTER_ON (see network.conf(5) ), disables all IPv6 packet forwarding on the router. Very useful for debugging protocol problems on a firewall by enabling a reasonably safe check to be made with the filtering down.
- ip6filter forward|fwd
- Turns on the IPv6 kernel forwarding switch manually. This is irrespective of the setting of IPV6_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will allow traffic through the box.
- ip6filter noforward|nofwd
- Turns off the IPv6 kernel forwarding switch manually. This is irrespective of the setting of IPV6_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will affect reachability.
- ip6filter fairq
- Reload the IPv6 fairq chain that marks the packets for the QoS interface transmit queues.
FILES¶
/etc/netscript/ipfilter.conf, /etc/netscript/network.conf,
/etc/netscript/iptables, /etc/netscript/ip6tables,
SEE ALSO¶
ipfilter.conf(5), network.conf(5), ip(8), tc(8), iptables(8), iptables-restore(8), iptables-save(8), ip6tables(8), ip6tables-restore(8), ip6tables-save(8), brcfg(8).
AUTHOR¶
This manual page was written by Matthew Grant <matt@mattgrant.net.nz>, for the Debian GNU/Linux system (but may be used by others).
BUGS¶
I wrote this manpage when I was half asleep...
| January 24, 2014 |