Diffstat (limited to 'iptables/iptables-apply.8.in')
-rw-r--r-- | iptables/iptables-apply.8.in | 46 |
1 files changed, 31 insertions, 15 deletions
diff --git a/iptables/iptables-apply.8.in b/iptables/iptables-apply.8.in index cdc9c447..f0ed4e5f 100644 --- a/iptables/iptables-apply.8.in +++ b/iptables/iptables-apply.8.in @@ -1,6 +1,6 @@ .\" Title: iptables-apply -.\" Author: Martin F. Krafft -.\" Date: Jun 04, 2006 +.\" Author: Martin F. Krafft, GW +.\" Date: May 10, 2010 .\" .TH IPTABLES\-APPLY 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@" .\" disable hyphenation 
@@ -8,23 +8,37 @@ .SH NAME iptables-apply \- a safer way to update iptables remotely .SH SYNOPSIS -\fBiptables\-apply\fP [\-\fBhV\fP] [\fB-t\fP \fItimeout\fP] \fIruleset\-file\fP +\fBiptables\-apply\fP [\-\fBhV\fP] [\fB-t\fP \fItimeout\fP] [\fB-w\fP \fIsavefile\fP] {[\fIrulesfile]|-c [runcmd]}\fP .SH "DESCRIPTION" .PP -iptables\-apply will try to apply a new ruleset (as output by -iptables\-save/read by iptables\-restore) to iptables, then prompt the -user whether the changes are okay. If the new ruleset cut the existing -connection, the user will not be able to answer affirmatively. In this -case, the script rolls back to the previous ruleset after the timeout -expired. The timeout can be set with \fB\-t\fP. +iptables\-apply will try to apply a new rulesfile (as output by +iptables-save, read by iptables-restore) or run a command to configure +iptables and then prompt the user whether the changes are okay. If the +new iptables rules cut the existing connection, the user will not be +able to answer affirmatively. In this case, the script rolls back to +the previous working iptables rules after the timeout expires. .PP -When called as \fBip6tables\-apply\fP, the script will use -ip6tables\-save/\-restore instead. +Successfully applied rules can also be written to savefile and later used +to roll back to this state. This can be used to implement a store last good +configuration mechanism when experimenting with an iptables setup script: +iptables-apply \-w /etc/network/iptables.up.rules \-c /etc/network/iptables.up.run +.PP +When called as ip6tables\-apply, the script will use +ip6tables\-save/\-restore and IPv6 default values instead. Default +value for rulesfile is '/etc/network/iptables.up.rules'. .SH OPTIONS .TP \fB\-t\fP \fIseconds\fR, \fB\-\-timeout\fP \fIseconds\fR -Sets the timeout after which the script will roll back to the previous -ruleset. +Sets the timeout in seconds after which the script will roll back +to the previous ruleset (default: 10). 
+.TP +\fB\-w\fP \fIsavefile\fR, \fB\-\-write\fP \fIsavefile\fR +Specify the savefile where successfully applied rules will be written to +(default if empty string is given: /etc/network/iptables.up.rules). +.TP +\fB\-c\fP \fIruncmd\fR, \fB\-\-command\fP \fIruncmd\fR +Run command runcmd to configure iptables instead of applying a rulesfile +(default: /etc/network/iptables.up.run). .TP \fB\-h\fP, \fB\-\-help\fP Display usage information. @@ -36,9 +50,11 @@ Display version information. \fBiptables-restore\fP(8), \fBiptables-save\fP(8), \fBiptables\fR(8). .SH LEGALESE .PP -iptables\-apply is copyright by Martin F. Krafft. +Original iptables-apply - Copyright 2006 Martin F. Krafft <madduck@madduck.net>. +Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>. .PP -This manual page was written by Martin F. Krafft <madduck@madduck.net> +This manual page was written by Martin F. Krafft <madduck@madduck.net> and +extended by GW <gw.2010@tnode.com or http://gw.tnode.com/>. .PP Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0. |
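Review bot: In the DESCRIPTION and the new \-w entry under OPTIONS, "successfully applied" is never defined, so the page does not say whether savefile is written only after the user confirms at the prompt or as soon as the rules load. For a tool whose purpose is safe rollback, please state that explicitly, and also say what happens when \-w is omitted, since the text only covers the "empty string" case. In the SYNOPSIS, `{[\fIrulesfile]|-c [runcmd]}\fP` opens italics before rulesfile and closes them only after the brace, so the brackets, the pipe and -c all render italic, and -c is neither bold nor hyphen-escaped; something like `{[\fIrulesfile\fP]|\fB\-c\fP [\fIruncmd\fP]}` would match the other options. The example command in the DESCRIPTION would also read better set off on its own line than run on inside the paragraph, and the rulesfile default sits in the ip6tables paragraph, where it reads as an IPv6 default.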
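Review bot: In the LEGALESE hunk, `<gw.2010@tnode.com or http://gw.tnode.com/>` puts an e-mail address and a URL inside one pair of angle brackets, in both added lines, which anything that extracts addresses from the page will not parse; list the address and the URL separately. The added "iptables-apply" also leaves its hyphen unescaped where the removed line used `iptables\-apply`, and "Version 1.1" is stated here but nowhere else in the visible lines, so it will drift from `@PACKAGE_STRING@` unless it is tied to the script's own version string.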