       zorp - Zorp Firewall Suite


       zorp [options]


       The  zorp  command is the main entry point for a Zorp instance, as such
       it is generally called  by  zorpctl(8)  with  command  line  parameters
       specified in instances.conf(5).


       --version or -V
              Display version and compilation information.

       --as <name> or -a
              Set  instance  name to <name>. Each log message is prefixed with
              this name.

       --also-as <name> or -A
              Add a secondary instance named <name>. Secondary instances share
              the  same  Zorp  process but they have a separate section in the
              configuration file.

       --policy <name> or -p
              Use the file named <name> as policy. This file must be  a  valid
              policy file.

       --verbose [num] or -v
              Set verbosity level to [num], or if [num] is omitted, increment
              it by one. The default verbosity level is 3, and possible
              values include 0-10.

       --pidfile [num] or -P
              Set  path  to  PID  file  where  the  pid of the main process is

       --foreground or -F
              Do not daemonize,  stay  in  foreground.  This  option  is  also
              implied by -l.

       --no-syslog or -l
              Instead of sending messages to the syslog, send them to the
              standard output.

       --log-tags or -T
              Prepend log category and level to each message.

              Escape non-printable characters to avoid binary log files. Each
              character less than 0x20 or greater than 0x7F is escaped in
              the form <XX>.

       --log-spec <spec> or -s
              Set verbosity mask on a per-category basis. Each log message has
              an assigned multi-level category, where levels are separated by
              a dot. For example, HTTP requests are logged under http.request.
              <spec> is a comma-separated list of log specifications. A single
              log specification consists of a wildcard pattern matching a log
              category, a colon, and a number specifying the verbosity level
              of that category. Categories match from left to right.

              Example: --log-spec 'http.*:5,core:3'

              The last matching entry will be used as  the  verbosity  of  the
              given  category.   If  no  match  is found the default verbosity
              specified with --verbose is used.
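
              The evaluation rules described for --log-spec, as an added
              example (not part of the original manual page or of Zorp's
              code). It assumes shell-style globbing stands in for Zorp's
              wildcard matcher; the function names and the sample category
              list are constructed for illustration.

```python
from fnmatch import fnmatchcase

DEFAULT_VERBOSITY = 3  # default verbosity level stated on this page


def parse_log_spec(spec):
    """Parse 'pattern:level,...' into an ordered list of (pattern, level)."""
    entries = []
    for item in filter(None, (part.strip() for part in spec.split(","))):
        pattern, sep, level = item.rpartition(":")
        if not sep or not pattern:
            raise ValueError(f"expected 'category:level', got {item!r}")
        if not level.isdigit() or not 0 <= int(level) <= 10:
            raise ValueError(f"verbosity must be 0-10 in {item!r}")
        entries.append((pattern, int(level)))
    return entries


def effective_verbosity(entries, category, default=DEFAULT_VERBOSITY):
    """Return (level, deciding pattern); the last matching entry wins."""
    result = (default, None)  # no match: fall back to the --verbose value
    for pattern, level in entries:
        # Assumption: shell-style globbing stands in for Zorp's own matcher.
        if fnmatchcase(category, pattern):
            result = (level, pattern)
    return result


def below_minimum(entries, categories, minimum, default=DEFAULT_VERBOSITY):
    """Report categories whose effective verbosity is under `minimum`."""
    found = {}
    for category in categories:
        level, pattern = effective_verbosity(entries, category, default)
        if level < minimum:
            found[category] = (level, pattern)
    return found


if __name__ == "__main__":
    spec = parse_log_spec("http.*:5,core:3")  # example spec from this page
    # Constructed category list; only http.request and core are on the page.
    for name in ("http.request", "core", "ftp.request"):
        print(name, effective_verbosity(spec, name))
    # A later, narrower entry overrides an earlier, broader one.
    print(effective_verbosity(parse_log_spec("http.*:5,http.request:2"),
                              "http.request"))
    print(below_minimum(spec, ["http.request", "core"], minimum=4))
```

              Running below_minimum over the categories that must stay
              visible shows whether a later entry in a spec has lowered
              their verbosity.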

       --threads <num> or -t
              Set the maximum number of threads that this  Zorp  instance  may
              use concurrently.

       --idle-threads <num> or -I
              Set the maximum number of idle threads. This option has an effect
              only if threadpools are enabled; see the option --threadpools.

       --threadpools or -O
              Enable the use of threadpools, which means that threads
              associated with sessions are not freed automatically, but only
              when the maximum number of idle threads is exceeded.

       --uid <uid> or -u
              Switch to the supplied uid after starting up.

       --gid <gid> or -g
              Switch to the supplied gid after starting up.

       --chroot <dir> or -R
              Change root to specified directory before reading  configuration
              file. The directory must be set up accordingly.

       --caps <caps> or -C
              Switch  to  the  supplied set of capabilities after starting up.
              This should contain the required capabilities in  the  permitted
              set.  For  the syntax of capability description see the man page

       --no-caps or -N
              Do not change capabilities at all.

       --tproxy <id> or -Y
              Override autodetected proxy implementation. <id> can be  one  of
              the  following:  netfilter (TPROXY patch for netfilter), linux22
              (standard Linux 2.2  transparent  proxying),  ipf  (patched  for
              transparent proxying).

       --autobind-ip <IP address> or -B
              The autobind parameter as required by the TPROXY support for the
              kernel. It must be an IP address of a local interface and should
              not clash with any real-world IP addresses. It is best assigned
              to a dummy interface.

       --crypto-engine or -E
              Set  the  OpenSSL  crypto  engine  name  to  use  for   hardware
              accelerated crypto support.

       --stack-size or -S
              Set  the  maximum  stack  size  used  by  threads. Note that the
              maximum number of parallel threads depends on the size specified
              here.  The default size (256k) is enough for about 4000 parallel






       This manual page was written by Balázs Scheidler.

                                 March 8, 2004                         ZORP(8)