bionic (8) ipkungfu.8.gz

Provided by: ipkungfu_0.6.1-6.2_amd64 bug

NAME
       ipkungfu - An iptables-based firewall for Linux


SYNOPSIS
       ipkungfu [ -c ] [ -t ] [ -d ] [ -h ] [ -v ] [ --quiet ] [ --panic ] [ --no-caching


DESCRIPTION
       ipkungfu  is  an  iptables-based  Linux firewall. The primary design goals are security, ease of use, and
       performance, in that order. It takes advantage of advanced features of  iptables,  tcpwrappers,  and  the
       Linux  kernel. It also simplifies the configuration of internet connection sharing, advanced routing, and
       other networking needs.


OPTIONS
       -c  (or  --check)
                   Check whether ipkungfu is loaded, and report any command line options it may have been loaded
                   with.

       -t  (or  --test)
                   Runs a configuration test, and displays the results.  Note that this does not test or display
                   all configuration options.  This gives you an opportunity to verify that major  configuration
                   options are correct before putting them into action.

       -d  (or  --disable)
                   Disables  the  firewall.  It is important to know exactly what this option does.  All traffic
                   is allowed in and out, and in the case of a gateway, all  NATed  traffic  is  forwarded  (the
                   option  retains  your  connection  sharing  options).   Custom rules are not implemented, and
                   deny_hosts.conf is ignored.

       -f  (or  --flush)
                   Disables the firewall COMPLETELY.  All rules are flushed, all chains are removed.   Any  port
                   forwarding or internet connection sharing will cease to work.

       -h  (or  --help)
                   Displays brief usage information and exits.

       -v  (or  --version)
                   Displays version information and exits.

       --quiet     Runs ipkungfu with no standard output

       --panic     Drops ALL traffic in all directions on all network interfaces.  You should probably never use
                   this option.  The --panic option is available for the highly unusual situation where you know
                   that an attack is underway but you know of no other way to stop it.

       --failsafe  If  ipkungfu fails, --failsafe will cause all firewall policies to revert to ACCEPT.  This is
                   useful when working with ipkungfu remotely, to prevent loss of remote access due to  firewall
                   failure.

       --no-caching
                   Disables rules caching feature.


FILES
       /etc/ipkungfu/ipkungfu.conf
       /etc/ipkungfu/advanced.conf
       /etc/ipkungfu/accept_hosts.conf
       /etc/ipkungfu/deny_hosts.conf
       /etc/ipkungfu/custom.conf
       /etc/ipkungfu/log.conf
       /etc/ipkungfu/redirect.conf
       /etc/ipkungfu/services.conf
       /usr/sbin/ipkungfu
       /usr/share/doc/ipkungfu/AUTHORS
       /usr/share/doc/ipkungfu/README
       /usr/share/doc/ipkungfu/FAQ
       /usr/share/doc/ipkungfu/ChangeLog
       /usr/share/doc/ipkungfu/COPYING


SEE ALSO
       iptables(8).

                                                  January 2003                                       ipkungfu(8)