trusty (8) ifdown.8.gz

Provided by: netscript-2.4-upstart_5.3.0ubuntu1_all bug

NAME

       netscript - netscript network configuration command

SYNOPSIS

       netscript start|stop|reload|restart
       netscript ifup|ifdown|ifqos|ifreload <interface-name>|all
       netscript ipfilter load|clear|fairq|flush|reload|save
       netscript ipfilter usebackup [ backup-number ]
       netscript ipfilter exec <function-name1>|<function-name2> [chain p1 p2 ...]
       netscript ip6filter load|clear|fairq|flush|reload|save
       netscript ip6filter usebackup [ backup-number ]
       netscript ip6filter exec <function-name1>|<function-name2> [chain p1 p2 ...]

DESCRIPTION

       This   manual   page   documents   briefly   the  netscript  command  from  the  netscript
       router/firewall network configuration package.

       This command is used to configure/reconfigure the interface configuration, ipchains filter
       setup, and ip route service ( QoS ) setup that are configured in netscript's configuration
       files.  It can manipulate individual  interfaces,  and  reconfigure  the  iptables  filter
       contents and firewall setup, or reconfigure the QoS setup.

       It  is rather incomplete as it does not describe fully the finely tuned manipulations that
       happen due to netscript's design which enables a Linux box to serve as a high availability
       heavy-duty mission-critcial network router or firewall.

IPTABLES CONFIGURATION

       Configuration saving is done by iptables-save(8) and iptables-restore(8).

OPTIONS

       start  Set  up  networking  configruation  by loading ipcahins filters, setting up bridge,
              configuring interfaces and running any configured lower layer protocol  daemons  or
              commands. For use from a startup script.

       stop   Shut everything down. For use from a startup script.

       reload Refresh  the setup of netscript except for iptables from the configuration files in
              /etc/netscript

       restart|force-reload
              Stop everthing and then start everything again. For use from a startup script.

       ifup <interface-name>|all
              Bring  interfaces(s)  up  by  starting  any  protocol  daemons,   and   configuring
              interfaces.

       ifdown <interface-name>|all
              Shutdown said interface(s) by doing reverse of ifdown.

       ifqos <interface-name>|all
              Reload QoS configuration for interface(s).

       ifreload <interface-name>|all
              Refresh the interface setup and implement any configuration changes.

       ifreset <interface-name>|all
              Shutdown and then restart interface(s), reloading configuration from lower layer up
              to the network layer.

       ipfilter load|reload
              Load/reload the IPv4 iptables filters and reconfigure the  firewalling,  from  that
              saved  in  /etc/netscript/iptables  (via  iptables-restore(8)  ),  and the QoS fair
              queuing setup.

       ipfilter save
              Save the IPv4  iptables  configuration  to  /etc/netscript/iptables  via  iptables-
              save(8) , after backing it up to /etc/netscript/iptables.1 and cycling the previous
              backup files down through the configuration history.

       ipfilter usebackup [ backup-number ]
              Restore   setup   from   the    IPv4    iptables    backup    configuration    from
              /etc/netscript/iptables.n ( default 1 ) via iptables-restore(8).

       ipfilter clear|flush
              Remove  iptables  and  any  firewall  setup,  and  if  IPV4_FWDING_KERNEL is set to
              FILTER_ON (see network.conf(5) ),  disables  all  IPv4  packet  forwarding  on  the
              router.   Very  useful  for debugging protocol problems on a firewall by enabling a
              reasonably safe check to be made with the filtering down.

       ipfilter forward|fwd
              Turns on the IPv4 kernel forwarding switch manually.  This is irrespective  of  the
              setting  of  IPV4_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will
              allow traffic through the box.

       ipfilter noforward|nofwd
              Turns off the IPv4 kernel forwarding switch manually.  This is irrespective of  the
              setting  of  IPV4_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will
              cut off reachability.

       ipfilter fairq
              Reload the IPv4 fairq chain that marks the packets for the QoS  interface  transmit
              queues.

       ip6filter load|reload
              Load/reload  the  IPv6  iptables filters and reconfigure the firewalling, from that
              saved in /etc/netscript/ip6tables
               (via ip6tables-restore(8) ), and the QoS fair queuing setup.

       ip6filter save
              Save the IPv6 iptables  configuration  to  /etc/netscript/iptables  via  ip6tables-
              save(8)  ,  after  backing  it  up  to  /etc/netscript/ip6tables.1  and cycling the
              previous backup files down through the configuration history.

       ip6filter usebackup [ backup-number ]
              Restore   setup   from   the    IPv6    iptables    backup    configuration    from
              /etc/netscript/ip6tables.n ( default 1 ) via ip6tables-restore(8).

       ip6filter clear|flush
              Remove  IPv6  iptables  setup,  and  if IPV6_FWDING_KERNEL is set to FILTER_ON (see
              network.conf(5) ), disables all IPv6 packet forwarding on the router.  Very  useful
              for  debugging  protocol problems on a firewall by enabling a reasonably safe check
              to be made with the filtering down.

       ip6filter forward|fwd
              Turns on the IPv6 kernel forwarding switch manually.  This is irrespective  of  the
              setting  of  IPV6_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will
              allow traffic through the box.

       ip6filter noforward|nofwd
              Turns off the IPv6 kernel forwarding switch manually.  This is irrespective of  the
              setting  of  IPV6_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will
              affect reachability.

       ip6filter fairq
              Reload the IPv6 fairq chain that marks the packets for the QoS  interface  transmit
              queues.

FILES

       /etc/netscript/if.conf, /etc/netscript/ipfilter.conf,
       /etc/netscript/network.conf, /etc/netscript/qos.conf,
       /etc/netscript/iptables, /etc/netscript/ip6tables,

SEE ALSO

       if.conf(5),  ipfilter.conf(5),  network.conf(5),  qos.conf(5),  ip(8), tc(8), iptables(8),
       iptables-restore(8),  iptables-save(8),  ip6tables(8),  ip6tables-restore(8),   ip6tables-
       save(8), brcfg(8).

AUTHOR

       This  manual  page  was written by Matthew Grant <grantma@anathoth.gen.nz>, for the Debian
       GNU/Linux system (but may be used by others).

BUGS

       I wrote this manpage when I was half asleep...

                                         January 24, 2003                                  NET(8)