Provided by: zorp_3.9.2-1ubuntu1_i386 bug


       zorp_ - Zorp Firewall Suite


       zorp [options]


       The zorp command is the main entry point for a Zorp instance, and as
       such it is generally called by zorpctl(8) with command line parameters
       specified in instances.conf(5).


       --version or -V
           Display version number and compilation information.

       --as <name> or -a <name>
           Set instance name to <name>. Instance names may consist of the
           characters [a-zA-Z0-9_] and must begin with a letter. Log messages
           of this instance are prefixed with this name.

       --also-as <name> or -A <name>
           Add a secondary instance named <name>. Secondary instances share
           the same Zorp process but they have a separate section in the
           configuration file.

       --policy <name> or -p <name>
           Use the file called <name> as policy. This file must be a valid
           policy file.

       --verbose <verbosity> or -v <verbosity>
           Set verbosity level to <verbosity>, or if <verbosity> is omitted
           increment it by one. Default the verbosity level is 3; possible
           values are 0-10.

       --pidfile <pidfile> or -P <pidfile>
           Set path to the PID file where the pid of the main process is

       --foreground or -F
           Do not daemonize, run in the foreground.

       --process-mode <mode>
           Set processing mode to one of background, safe-background or

       --no-syslog or -l
           Send log messages to the standard output instead of syslog.

       --log-tags or -T
           Prepend log category and log level to each message.

           Escape non-printable characters to avoid binary log files. Each
           character less than 0x20 and greater than 0x7F are escaped in the
           form <XX>.

       --log-spec <spec> or -s <spec>
           Set verbosity mask on a per category basis. Each log message has an
           assigned multi-level category, where levels are separated by a dot.
           For example, HTTP requests are logged under http.request.  <spec>
           is a comma separated list of log specifications. A single log
           specification consists of a wildcard matching log category, a
           colon, and a number specifying the verbosity level of that given
           category. Categories match from left to right. E.g.: --logspec
           'http.*:5,core:3'. The last matching entry will be used as the
           verbosity of the given category. If no match is found the default
           verbosity specified with --verbose is used.

       --threads <num> or -t <num>
           Set the maximum number of threads that can be used in parallel by
           this Zorp instance.

       --idle-threads <num> or -I
           Set the maximum number of idle threads; this option has effect only
           if threadpools are enabled (see the option --threadpools).

       --threadpools or -O
           Enable the use of threadpools, which means that threads associated
           with sessions are not automatically freed, only if the maximum
           number of idle threads is exceeded.

       --user <user> or -u <user>
           Switch to the supplied user after starting up.

       --group <group> or -g <group>
           Switch to the supplied group after starting up.

       --chroot <dir> or -R <dir>
           Change root to the specified directory before reading the
           configuration file. The directory must be set up accordingly.

       --caps <caps> or -C <caps>
           Switch to the supplied set of capabilities after starting up. This
           should contain the required capabilities in the permitted set. For
           the syntax of capability description see the man page

       --no-caps or -N
           Do not change capabilities at all.

       --tproxy <id> or -Y <id>
           Override the automatically proxy implementation. <id> can be one of
           the following: netfilter (TPROXY patch for netfilter), linux22
           (standard Linux 2.2 transparent proxying), ipf (patched for
           transparent proxying).

       --autobind-ip <IP address> or -B <IP address>
           The autobind parameter as required by the TPROXY support for the
           kernel. It must be an IP address of a local interface and should
           not clash with any real-world IP address. It is recommended to use
           a dummy interface.

       --crypto-engine <engine> or -E <engine>
           Set the OpenSSL crypto engine to be used for hardware accelerated
           crypto support.

       --stack-size <size> or -S <size>
           Set the maximum stack size used by threads. Note that the maximum
           number of parallel threads is influenced by the size specified
           here. The default stack size is 512 KB, the maximum you can set is
           8192 KB.






       This manual page was written by the BalaBit Documentation Team


       Copyright © 2006 BalaBit IT Security Ltd. All rights reserved. For more
       information about the legal status of this document please read:

[FIXME: source]                   08/13/2011                           ZORP(8)