Provided by: filtergen_0.12.8-1_amd64

NAME

       fgadm - filtergen command program

SYNOPSIS

       fgadm [ check | reload | save | stop ]

DESCRIPTION

       fgadm is a simple command interface for managing filtergen(8) based packet filters.

USAGE

       fgadm  can  be  used  to  stop existing filters (thus turning them off), reload new packet
       filters, save currently running filters for longevity, and to  check  filter  scripts  for
       errors before reloading.

       The following commands are accepted by fgadm:

       check  Check  the  filter  script  /etc/filtergen/rules.filter  for errors.  The generated
              filter will be printed on standard output, and errors printed to standard error.

       reload Replace the current live packet filter with the one in /etc/filtergen/rules.filter.
              The script will be tested for errors before reloading.

       save   The  current  live  packet filter will be saved in a distribution-friendly way.  On
              Red Hat systems, this will save the iptables or ipchains firewall that is currently
              loaded into the kernel to load at boot with the iptables or ipchains initscript.

       stop   This  command will flush the current live packet filter out and put it in a default
              accept mode, thus no firewalling will  be  in  place.   This  is  useful  to  abort
              firewalls in an emergency.

EXAMPLES

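       The following sequence of commands is useful when making firewall changes on live
       servers.  It first schedules fgadm stop with at(1) as a fallback, so that a reload which
       cuts off your own access is flushed automatically two minutes later.  Once the new filter
       is confirmed working, the pending job is removed and the filter is saved: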

       # at now + 2 min
       warning: commands will be executed using (in order) a) $SHELL b) login shell c) /bin/sh
       at> fgadm stop
       at> ^D<EOT>
       job 53 at 2004-06-07 17:25
       # fgadm check
       # fgadm reload
       # atq
       53
       # atrm 53
       # fgadm save
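
       The same sequence wrapped in two shell functions, as an added example that is not part
       of filtergen or this manual page.  The names at_job_id, safe_reload and confirm_reload
       are hypothetical; only fgadm, at and atrm are real commands.

```shell
#!/bin/sh
# Added example (not part of filtergen): helper names are hypothetical.

# Extract the job number from at(1) output such as
# "job 53 at 2004-06-07 17:25", ignoring the shell warning line.
at_job_id() {
    sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p'
}

# safe_reload [minutes]: arm "fgadm stop" as a fallback, then check and
# reload. Prints the at job number on stdout; the fallback stays armed.
safe_reload() {
    delay="${1:-2}"
    case "$delay" in
        ''|*[!0-9]*) echo "usage: safe_reload [minutes]" >&2; return 2 ;;
    esac
    # at(1) reports the job on stderr, so fold it into the pipe.
    job=$(echo "fgadm stop" | at now + "$delay" min 2>&1 | at_job_id)
    if [ -z "$job" ]; then
        echo "could not schedule fallback; filter left untouched" >&2
        return 1
    fi
    # A failed check changes nothing, so the fallback is not needed.
    if ! fgadm check >/dev/null; then
        atrm "$job"
        echo "check failed; fallback job $job removed" >&2
        return 1
    fi
    # On a failed reload the job stays armed: the live state is unknown.
    if ! fgadm reload >&2; then
        echo "reload failed; fallback job $job still pending" >&2
        return 1
    fi
    echo "$job"
}

# confirm_reload <job>: run from a NEW connection once access through the
# new filter is verified; removes the fallback and persists the filter.
confirm_reload() {
    atrm "$1" && fgadm save
}
```

       If the job is not removed in time, fgadm stop runs and the host is left in default
       accept mode with no firewalling until the filter is reloaded.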

FILES

   /etc/filtergen/rules.filter
       Packet filter descriptions are read from this file when fgadm is used.

   /etc/filtergen/fgadm.conf
       This file alters the behaviour of filtergen as called from fgadm.

BUGS

       fgadm save does not work on Debian systems with iptables due to a lack of common sense  in
       the iptables package.

SEE ALSO

       filtergen(8), filter_syntax(5), filter_backends(5)

AUTHOR

       fgadm  was  written  by Jamie Wilkinson <jaq@spacepants.org> for the filtergen package, to
       ease maintenance of filtergen-based firewalls.

                                           June 7, 2004                                  FGADM(8)