\: vim:syntax=tex \: this file maintained at http://git.mdcc.cx/uruk.git \: this is a manpage in zoem format. see http://micans.org/zoem/ and man_zmm(7) \import{pud/man.zmm} \import{./include.zmm} \begin{pud::man}{ {name}{urukctl} {html_title}{urukctl} {section}{8} \man_share } \${html}{\"pud::man::maketoc"} \sec{name}{NAME} \NAME{urukctl}{uruk control script} \sec{synopsis}{SYNOPSIS} \urukctl \it{command} \bf{[}\it{argument}\bf{]} \sec{description}{DESCRIPTION} \par{ \urukctl is the user interface for the uruk system. It is used to create or change saved iptables rulesets, to change the current loaded rulesets and to report on uruk's status. } \par{ See \sibref{uruk}{uruk(8)} for information on how to get started with the Uruk system, and for a tutorial. This manpage gives just the details on \urukctl. } \par{ The \urukctl script calls \uruk to process \rcpath. (The uruk init script calls \urukctl.) } \par{ These 4 ruleset pairs (for both IPv4 and IPv6) exist in a system using uruk: \begin{itemize}{ {contiguous}{1} {compact}{1} {type}{mark} } \item the ruleset as expressed in the uruk configuration \rcpath, \item the 2 saved rulesets in \tt{/var/lib/{iptables,ip6tables}/{active,inactive}} \item the ruleset as currently loaded in the running kernel \item optional: more rulesets saved in \tt{/var/lib/{iptables,ip6tables}} \end{itemize} } \cpar{arguments}{ \urukctl should be called as either \tt{urukctl} \it{argument} or \tt{urukctl} \it{argument} \it{option}. Possible values are: \'begin{itemize}{{interitem}{1}} \item{\bf{start}} \car{ If not yet done, save current iptables status in "inactive" ruleset. (Re)build and load the "active" ruleset. } \item{\bf{save} \it{ruleset}} \car{ Save the current iptables status in given ruleset. } \item{\bf{create} <\tt{active}|\tt{inactive}>} \car{ Create an "active" or "inactive" ruleset with sane defaults: "active" will be based upon the uruk rc file. "inactive" will allow all traffic. } \item{\bf{load} \it{ruleset}} \car{ Load a saved ruleset } \item{\bf{reload}} \car{ (Re)build and load the "active" ruleset, without temporarily clearing the current iptables status. } \item{\bf{force-reload}} \car{ (Re)build and load the "active" ruleset, in case uruk is running. } \item{\bf{stop}} \car{ Load the "inactive" ruleset. } \item{\bf{restart}} \car{ Perform stop-actions followed by start-actions. } \item{\bf{status}} \car{ Print the current status of the service: show which ruleset is loaded, and wether uruk is "running". } \item{\bf{clear}} \car{ Remove all rules and user-defined chains, set default policy to ACCEPT. } \item{\bf{halt}} \car{ Remove all rules and user-defined chains, set default policy to DROP. } \item{\bf{flush}} \car{ Flush all rules from the current iptables status. } \'end{itemize} } \cpar{configuration}{ \urukctl uses the file /etc/default/uruk (on Debian, Ubuntu and related systems) or /etc/sysconfig/uruk (on Red Hat, Fedora and related systems) for configuration. Variables used in this file are: \'begin{itemize}{{interitem}{1}} \item{enable_uruk_check} \car{wether to check for existence and sanity of uruk rc file; set to false if you don't like this, e.g. when using the uruk initscript for managing saved rulesets only (i.e. not for calling uruk or uruk-save).} \item{enable_ipv6} \car{set to false to disable IPv6 support. Set to \tt{$(enable-ipv6)} to dynamically decide wether to filter IPv6 traffic.} \item{enable_uruk_save} \car{enable calling the unstable uruk-save script.} \item{enable_autosave} \car{set to "false" to disable autosaving the active ruleset when going from start to stop.} \item{enable_save_counters} \car{set to "false" to disable saving table counters with rulesets.} \'end{itemize} } \sec{see also}{SEE ALSO} \sibref{uruk}{uruk(8)}, \sibref{uruk-rc}{uruk-rc(5)}, \sibref{uruk-save}{uruk-save(8)}. The Uruk homepage is at \httpref{http://mdcc.cx/uruk/} . \par{ \bf{iptables(8)}, \bf{iptables-save(8)}, \bf{iptables-restore(8)}, \bf{ip6tables(8)}, \bf{ip6tables-save(8)}, \bf{ip6tables-restore(8)}, \httpref{http://www.netfilter.org/} \: (no manpage online :( ) } \par{ \bf{interfaces(5)}, \httpref{http://packages.debian.org/ifupdown}. } \sec{copyright}{COPYRIGHT} Copyright (C) 2013 \"man::author" \gplheader \sec{author}{AUTHOR} \"man::author" \end{pud::man}