.\" Copyright (c) 2023 Joost van Baal-Ilić .TH "urukctl" 8 "9 окт 2023" "urukctl 20231009" "SYSTEM ADMINISTRATION " .po 2m .de ZI .\" Zoem Indent/Itemize macro I. .br 'in +\\$1 .nr xa 0 .nr xa -\\$1 .nr xb \\$1 .nr xb -\\w'\\$2' \h'|\\n(xau'\\$2\h'\\n(xbu'\\ .. .de ZJ .br .\" Zoem Indent/Itemize macro II. 'in +\\$1 'in +\\$2 .nr xa 0 .nr xa -\\$2 .nr xa -\\w'\\$3' .nr xb \\$2 \h'|\\n(xau'\\$3\h'\\n(xbu'\\ .. .if n .ll -2m .am SH .ie n .in 4m .el .in 8m .. .SH NAME urukctl \- uruk control script .SH SYNOPSIS \fBurukctl\fP \fIcommand\fP \fB[\fP\fIargument\fP\fB]\fP .SH DESCRIPTION \fBurukctl\fP is the user interface for the uruk system\&. It is used to create or change saved iptables rulesets, to change the current loaded rulesets and to report on uruk\&'s status\&. See \fBuruk(8)\fP for information on how to get started with the Uruk system, and for a tutorial\&. This manpage gives just the details on \fBurukctl\fP\&. The \fBurukctl\fP script calls \fBuruk\fP to process /etc/uruk/rc\&. (The uruk init script calls \fBurukctl\fP\&.) These 4 ruleset pairs (for both IPv4 and IPv6) exist in a system using uruk: .ZI 2m "\(bu" \& .br the ruleset as expressed in the uruk configuration /etc/uruk/rc, .in -2m .ZI 2m "\(bu" \& .br the 2 saved rulesets in \fC/var/lib/{iptables,ip6tables}/{active,inactive}\fP .in -2m .ZI 2m "\(bu" \& .br the ruleset as currently loaded in the running kernel .in -2m .ZI 2m "\(bu" \& .br optional: more rulesets saved in \fC/var/lib/{iptables,ip6tables}\fP .in -2m \fBarguments\fP .br \fBurukctl\fP should be called as either \fCurukctl\fP \fIargument\fP or \fCurukctl\fP \fIargument\fP \fIoption\fP\&. Possible values are: .ZI 2m "\fBstart\fP" \& .br If not yet done, save current iptables status in "inactive" ruleset\&. (Re)build and load the "active" ruleset\&. .in -2m .ZI 2m "\fBsave\fP \fIruleset\fP" \& .br Save the current iptables status in given ruleset\&. .in -2m .ZI 2m "\fBcreate\fP <\fCactive\fP|\fCinactive\fP>" \& .br Create an "active" or "inactive" ruleset with sane defaults: "active" will be based upon the uruk rc file\&. "inactive" will allow all traffic\&. .in -2m .ZI 2m "\fBload\fP \fIruleset\fP" \& .br Load a saved ruleset .in -2m .ZI 2m "\fBreload\fP" \& .br (Re)build and load the "active" ruleset, without temporarily clearing the current iptables status\&. .in -2m .ZI 2m "\fBforce-reload\fP" \& .br (Re)build and load the "active" ruleset, in case uruk is running\&. .in -2m .ZI 2m "\fBstop\fP" \& .br Load the "inactive" ruleset\&. .in -2m .ZI 2m "\fBrestart\fP" \& .br Perform stop-actions followed by start-actions\&. .in -2m .ZI 2m "\fBstatus\fP" \& .br Print the current status of the service: show which ruleset is loaded, and wether uruk is "running"\&. .in -2m .ZI 2m "\fBclear\fP" \& .br Remove all rules and user-defined chains, set default policy to ACCEPT\&. .in -2m .ZI 2m "\fBhalt\fP" \& .br Remove all rules and user-defined chains, set default policy to DROP\&. .in -2m .ZI 2m "\fBflush\fP" \& .br Flush all rules from the current iptables status\&. .in -2m \fBconfiguration\fP .br \fBurukctl\fP uses the file /etc/default/uruk (on Debian, Ubuntu and related systems) or /etc/sysconfig/uruk (on Red Hat, Fedora and related systems) for configuration\&. Variables used in this file are: .ZI 2m "enable_uruk_check" \& .br wether to check for existence and sanity of uruk rc file; set to false if you don\&'t like this, e\&.g\&. when using the uruk initscript for managing saved rulesets only (i\&.e\&. not for calling uruk or uruk-save)\&. .in -2m .ZI 2m "enable_ipv6" \& .br set to false to disable IPv6 support\&. Set to \fC$(enable-ipv6)\fP to dynamically decide wether to filter IPv6 traffic\&. .in -2m .ZI 2m "enable_uruk_save" \& .br enable calling the unstable uruk-save script\&. .in -2m .ZI 2m "enable_autosave" \& .br set to "false" to disable autosaving the active ruleset when going from start to stop\&. .in -2m .ZI 2m "enable_save_counters" \& .br set to "false" to disable saving table counters with rulesets\&. .in -2m .SH SEE ALSO \fBuruk(8)\fP, \fBuruk-rc(5)\fP, \fBuruk-save(8)\fP\&. The Uruk homepage is at http://mdcc\&.cx/uruk/ \&. \fBiptables(8)\fP, \fBiptables-save(8)\fP, \fBiptables-restore(8)\fP, \fBip6tables(8)\fP, \fBip6tables-save(8)\fP, \fBip6tables-restore(8)\fP, http://www\&.netfilter\&.org/ \fBinterfaces(5)\fP, http://packages\&.debian\&.org/ifupdown\&. .SH COPYRIGHT Copyright (C) 2013 Joost van Baal-Ilić This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version\&. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. You should have received a copy of the GNU General Public License along with this program\&. If not, see http://www\&.gnu\&.org/licenses/\&. .SH AUTHOR Joost van Baal-Ilić