Provided by: zorp_3.0.8-0.6_i386
zorp - Zorp Firewall Suite
The zorp command is the main entry point for a Zorp instance; as such,
it is generally called by zorpctl(8) with command-line parameters
specified in instances.conf(5).
--version or -V
Display version and compilation information.
--as <name> or -a
Set instance name to <name>. Each log message is prefixed with
--also-as <name> or -A
Add a secondary instance named <name>. Secondary instances share
the same Zorp process but they have a separate section in the
--policy <name> or -p
Use the file named <name> as policy. This file must be a valid
--verbose [num] or -v
Set verbosity level to [num], or if [num] is omitted, increment
it by one. The default verbosity level is 3, and possible
values are 0-10.
--pidfile [num] or -P
Set path to PID file where the pid of the main process is
--foreground or -F
Do not daemonize, stay in foreground. This option is also
implied by -l.
--no-syslog or -l
Instead of sending messages to the syslog, send them to the
--log-tags or -T
Prepend log category and level to each message.
Escape non-printable characters to avoid binary log files. Each
character less than 0x20 or greater than 0x7F is escaped in
the form <XX>.
--log-spec <spec> or -s
Set verbosity mask on a per-category basis. Each log message has
an assigned multi-level category, where levels are separated by
a dot. For example, HTTP requests are logged under http.request.
spec is a comma-separated list of log specifications. A single
log specification consists of a wildcard matching log category,
a colon, and a number specifying the verbosity level of that
given category. Categories match from left to right.
Example: --log-spec 'http.*:5,core:3'
The last matching entry will be used as the verbosity of the
given category. If no match is found the default verbosity
specified with --verbose is used.
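The resolution rule described above (last matching entry wins, otherwise the --verbose default applies), as an added example that is not part of the original manual page or of Zorp's code. It assumes Python's fnmatch glob semantics for the wildcard, which may differ from Zorp's own matcher; the category ftp.request and the function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

DEFAULT_VERBOSITY = 3  # default of --verbose according to this manual page


def parse_log_spec(spec):
    """Split 'glob:level,glob:level' into an ordered list of (glob, level)."""
    entries = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        glob, sep, level = item.rpartition(":")
        if not sep or not glob or not level.isdigit():
            raise ValueError("bad log specification: %r" % item)
        level = int(level)
        if not 0 <= level <= 10:  # documented verbosity range
            raise ValueError("verbosity out of range 0-10: %r" % item)
        entries.append((glob, level))
    return entries


def effective_verbosity(spec, category, default=DEFAULT_VERBOSITY):
    """Return the verbosity that applies to category under spec."""
    result = default
    for glob, level in parse_log_spec(spec):
        # Assumption: fnmatch-style globbing stands in for Zorp's matcher.
        if fnmatchcase(category, glob):
            result = level  # keep going: the last matching entry wins
    return result


def explain(spec, categories, default=DEFAULT_VERBOSITY):
    """Map each category to the (deciding glob or None, verbosity) pair."""
    report = {}
    for category in categories:
        decided = (None, default)
        for glob, level in parse_log_spec(spec):
            if fnmatchcase(category, glob):
                decided = (glob, level)
        report[category] = decided
    return report


if __name__ == "__main__":
    # A broad entry placed last silently overrides the specific one before it.
    for spec in ("http.*:5,core:3", "http.request:7,*:3", "*:3,http.request:7"):
        print(spec, explain(spec, ["http.request", "core", "ftp.request"]))
```

Running it shows that entry order matters when auditing a spec: a catch-all placed after a specific entry lowers that category back to the catch-all level.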
--threads <num> or -t
Set the maximum number of threads that this Zorp instance may
--idle-threads <num> or -I
Set the maximum number of idle threads. This option has an effect
only if threadpools are enabled; see the option --threadpools.
--threadpools or -O
Enable the use of threadpools, which means that threads
associated with sessions are not automatically freed; they are
freed only if the maximum number of idle threads is exceeded.
--uid <uid> or -u
Switch to the supplied uid after starting up.
--gid <gid> or -g
Switch to the supplied gid after starting up.
--chroot <dir> or -R
Change root to the specified directory before reading the
configuration file. The directory must be set up accordingly.
--caps <caps> or -C
Switch to the supplied set of capabilities after starting up.
This should contain the required capabilities in the permitted
set. For the syntax of capability description see the man page
--no-caps or -N
Do not change capabilities at all.
--tproxy <id> or -Y
Override autodetected proxy implementation. <id> can be one of
the following: netfilter (TPROXY patch for netfilter), linux22
(standard Linux 2.2 transparent proxying), ipf (patched for
--autobind-ip <IP address> or -B
The autobind parameter as required by the TPROXY support for the
kernel. It must be an IP address of a local interface and should
not clash with any real-world IP addresses. It is best assigned
to a dummy interface.
--crypto-engine or -E
Set the OpenSSL crypto engine name to use for hardware
accelerated crypto support.
--stack-size or -S
Set the maximum stack size used by threads. Note that the
maximum number of parallel threads depends on the size specified
here. The default size (256k) is enough for about 4000 parallel
This manual page was written by Balázs Scheidler <firstname.lastname@example.org>.
March 8, 2004 ZORP(8)