Provided by: netscript-2.4-upstart_5.2.1_all

NAME

       netscript - netscript network configuration command

SYNOPSIS

       netscript start|stop|reload|restart
       netscript ifup|ifdown|ifqos|ifreload <interface-name>|all
       netscript compile [ -fhq ] [ -b max-backup-level ]
       netscript ipfilter load|clear|fairq|flush|reload|save
       netscript ipfilter usebackup [ backup-number ]
       netscript  ipfilter exec <function-name1>|<function-name2> [chain p1 p2
       ...]
       netscript ip6filter load|clear|fairq|flush|reload|save
       netscript ip6filter usebackup [ backup-number ]
       netscript ip6filter exec <function-name1>|<function-name2> [chain p1 p2
       ...]

DESCRIPTION

       This  manual  page  documents  briefly  the  netscript command from the
       netscript router/firewall network configuration package.

       This  command  is   used   to   configure/reconfigure   the   interface
       configuration,  ipchains  filter  setup,  and  ip route service ( QoS )
       setup that are configured in netscript’s configuration files.   It  can
       manipulate  individual  interfaces, and reconfigure the iptables filter
       contents and firewall setup, or reconfigure the QoS setup.

       It is rather incomplete as it does not describe fully the finely  tuned
       manipulations  that  happen  due  to netscript’s design which enables a
       Linux box to serve as a high availability  heavy-duty  mission-critical
       network router or firewall.

COMPILE CONFIGURATION MODE

       The  rules can be compiled and automatically loaded on boot by  setting
       the  IPV4_CONFIGURE_SWITCH  switch  in network.conf(5) to the value  of
       the function used to configure the kernel.  Net-compile(8) creates this
       function  as ´Configure´.   If   this  switch  is  set,  the  netscript
       startup  will  run  netscript-compile(8) to make sure everything is  up
       to date  and  load  the  rules  from /etc/netscript/ipfilter-defs.conf,
       and  the  relevant   settings   in  network.conf(5)  which  are used to
       establish packet grooming and configure the built in  kernel  netfilter
       INPUT  and  FORWARD chains  in the  filter table. If compilation fails,
       the previous rule set is not replaced and it is used instead.

       A similar mode exists for IPv6, but it is not fully implemented yet.

IPTABLES CONFIGURATION MODE

       This configuration mode corresponds to the old method of doing it using
       iptables-save(8)  and  iptables-restore(8).   This  is  the default for
       operation, and occurs  if  the  IPV4_CONFIGURE_SWITCH  is  not  set  in
       network.conf(5).

       This is the method still used by IPv6 as well.

OPTIONS

       start  Set  up  networking  configuration  by loading ipchains filters,
              setting  up  bridge,  configuring  interfaces  and  running  any
              configured  lower  layer  protocol  daemons or commands. For use
              from a startup script.

       stop   Shut everything down. For use from a startup script.

       reload Refresh the setup of netscript  except  for  iptables  from  the
              configuration files in /etc/netscript.

       restart|force-reload
              Stop  everything and then start everything again. For use from a
              startup script.

       ifup <interface-name>|all
              Bring interface(s) up by starting  any  protocol  daemons,  and
              configuring interfaces.

       ifdown <interface-name>|all
              Shut down said interface(s) by doing the reverse of ifdown.

       ifqos <interface-name>|all
              Reload QoS configuration for interface(s).

       ifreload <interface-name>|all
              Refresh  the  interface  setup  and  implement any configuration
              changes.

       ifreset <interface-name>|all
              Shut down and then restart interface(s), reloading configuration
              from lower layer up to the network layer.

       compile [ -fhq ] [ -b max-backup-level ]
              Compile  the  new  definitions  in  /etc/netscript/ipfilter-defs
              directory   into   a   new   set    of    functions    in    the
              /etc/netscript/ipfilter-defs-compiled.conf    file.    See   the
              netscript-compile(8) and ipfilter-defs(5) manpages for  details.

       ipfilter load|reload
              Load/reload  the  IPv4  iptables  filters  and  reconfigure  the
              firewalling, from that  saved  in  /etc/netscript/iptables  (via
              iptables-restore(8)  ),  and  the  QoS fair queuing setup, or by
              executing   the   requisite    configuration    function    from
              /etc/netscript/ipfilter-defs-compiled.conf  if  using  ipfilter-
              defs(5) mode.

       ipfilter save
              Save the IPv4 iptables configuration to  /etc/netscript/iptables
              via    iptables-save(8)    ,    after    backing    it   up   to
              /etc/netscript/iptables.1 and cycling the previous backup  files
              down  through  the configuration history.  This does not work if
              the IPv6 side of  netscript  is  operating  in  ipfilter-defs(5)
              mode.

       ipfilter usebackup [ backup-number ]
              Restore  setup  from the IPv4 iptables backup configuration from
              /etc/netscript/iptables.n ( default 1 ) via iptables-restore(8),
              or if the ipfilter-defs(5) backend is used, the requisite backup
              number from the /etc/netscript/ipfilter-defs.conf history files.

       ipfilter clear|flush
              Remove    iptables    and    any    firewall   setup,   and   if
              IPV4_FWDING_KERNEL is set to FILTER_ON (see  network.conf(5)  ),
              disables  all IPv4 packet forwarding on the router.  Very useful
              for debugging protocol problems on  a  firewall  by  enabling  a
              reasonably safe check to be made with the filtering down.

       ipfilter forward|fwd
              Turns  on  the  IPv4 kernel forwarding switch manually.  This is
              irrespective  of  the   setting   of   IPV4_FWDING_KERNEL   (see
              network.conf(5)  ).  Use  with  caution as it will allow traffic
              through the box.

       ipfilter noforward|nofwd
              Turns off the IPv4 kernel forwarding switch manually.   This  is
              irrespective   of   the   setting   of  IPV4_FWDING_KERNEL  (see
              network.conf(5)  ).  Use  with  caution  as  it  will  cut   off
              reachability.

       ipfilter fairq
              Reload  the  IPv4 fairq chain that marks the packets for the QoS
              interface transmit queues.

       ip6filter load|reload
              Load/reload  the  IPv6  iptables  filters  and  reconfigure  the
              firewalling, from that saved in /etc/netscript/ip6tables
              (via ip6tables-restore(8) ), and the QoS fair queuing setup,  or
              by  executing  the   requisite   configuration   function   from
              /etc/netscript/ipfilter-defs-compiled.conf  if  using  ipfilter-
              defs(5) mode.

       ip6filter save
              Save the IPv6 iptables configuration to  /etc/netscript/iptables
              via    ip6tables-save(8)    ,    after    backing   it   up   to
              /etc/netscript/ip6tables.1 and cycling the previous backup files
              down  through  the configuration history.  This does not work if
              the IPv6 side of  netscript  is  operating  in  ipfilter-defs(5)
              mode.

       ip6filter usebackup [ backup-number ]
              Restore  setup  from the IPv6 iptables backup configuration from
              /etc/netscript/ip6tables.n  (  default  1   )   via   ip6tables-
              restore(8),  or  if  the  ipfilter-defs(5)  backend is used, the
              requisite  backup  number  from   the   /etc/netscript/ipfilter-
              defs.conf history files.

       ip6filter clear|flush
              Remove  IPv6 iptables setup, and if IPV6_FWDING_KERNEL is set to
              FILTER_ON (see  network.conf(5)  ),  disables  all  IPv6  packet
              forwarding  on  the  router.  Very useful for debugging protocol
              problems on a firewall by enabling a reasonably safe check to be
              made with the filtering down.

       ip6filter forward|fwd
              Turns  on  the  IPv6 kernel forwarding switch manually.  This is
              irrespective  of  the   setting   of   IPV6_FWDING_KERNEL   (see
              network.conf(5)  ).  Use  with  caution as it will allow traffic
              through the box.

       ip6filter noforward|nofwd
              Turns off the IPv6 kernel forwarding switch manually.   This  is
              irrespective   of   the   setting   of  IPV6_FWDING_KERNEL  (see
              network.conf(5)  ).  Use  with  caution  as   it   will   affect
              reachability.

       ip6filter fairq
              Reload  the  IPv6 fairq chain that marks the packets for the QoS
              interface transmit queues.
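
EXAMPLES

       The following is an added example, not code from netscript itself.  It
       sketches the behaviour described for compile mode and ipfilter save:
       a failed check leaves the previous rule set in place, and a successful
       one cycles numbered backups.  The function names, the validator
       argument and the backup depth are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; rotate_backups and install_ruleset are hypothetical names.

# rotate_backups FILE MAX: move FILE.1..FILE.(MAX-1) one slot down the
# history and copy the live FILE to FILE.1. The old FILE.MAX is overwritten.
rotate_backups() {
    src=$1 max=$2
    i=$max
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        [ -f "$src.$prev" ] && mv -f "$src.$prev" "$src.$i"
        i=$prev
    done
    [ -f "$src" ] && cp -p "$src" "$src.1"
    return 0
}

# install_ruleset FILE MAX VALIDATOR...: read a candidate rule set on stdin,
# feed it to VALIDATOR on stdin, and only if that succeeds rotate the history
# and replace FILE. On failure FILE and its backups are left untouched.
# On a real router VALIDATOR could be "iptables-restore --test", which parses
# a rule set without committing it.
install_ruleset() {
    target=$1 keep=$2
    shift 2
    tmp=$(mktemp "$target.new.XXXXXX") || return 1   # created mode 0600
    cat > "$tmp"
    if ! "$@" < "$tmp"; then
        rm -f "$tmp"
        echo "validation failed, keeping previous $target" >&2
        return 1
    fi
    rotate_backups "$target" "$keep"
    mv -f "$tmp" "$target"      # rename within one directory is atomic
}

# Constructed demonstration in a scratch directory, not /etc/netscript.
demo_dir=$(mktemp -d)
printf '*filter\n:INPUT DROP [0:0]\nCOMMIT\n' > "$demo_dir/iptables"
# A truncated candidate (no COMMIT line) must not replace the live file.
printf '*filter\n:INPUT ACCEPT [0:0]\n' |
    install_ruleset "$demo_dir/iptables" 3 grep -q '^COMMIT$' || true
grep -c 'INPUT DROP' "$demo_dir/iptables"   # the DROP policy is still live
rm -rf "$demo_dir"
```

       The grep validator stands in for a real syntax check so the example
       runs without root or a netfilter kernel.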

FILES

       /etc/netscript/if.conf, /etc/netscript/ipfilter.conf,
       /etc/netscript/network.conf, /etc/netscript/qos.conf,
       /etc/netscript/ipfilter-defs.conf,
       /etc/netscript/ipfilter-defs-compiled.conf,
       /etc/netscript/ipfilter-defs directory,
       /etc/netscript/iptables, /etc/netscript/ip6tables,
       /etc/netscript/ipfilter-defs-compiled

SEE ALSO

       netscript-compile(8), ipfilter-defs(5),  if.conf(5),  ipfilter.conf(5),
       network.conf(5),  qos.conf(5),  ip(8),  tc(8),  iptables(8),  iptables-
       restore(8),   iptables-save(8),   ip6tables(8),   ip6tables-restore(8),
       ip6tables-save(8), brcfg(8).

AUTHOR

       This     manual     page     was     written     by    Matthew    Grant
       <grantma@anathoth.gen.nz>, for the Debian GNU/Linux system (but may  be
       used by others).

BUGS

       I wrote this manpage when I was half asleep...

                               January 24, 2003                         NET(8)