Provided by: netscript-2.4-upstart_5.3.0ubuntu1_all 
NAME
netscript - netscript network configuration command
SYNOPSIS
netscript start|stop|reload|restart
netscript ifup|ifdown|ifqos|ifreload <interface-name>|all
netscript ipfilter load|clear|fairq|flush|reload|save
netscript ipfilter usebackup [ backup-number ]
netscript ipfilter exec <function-name1>|<function-name2> [chain p1 p2 ...]
netscript ip6filter load|clear|fairq|flush|reload|save
netscript ip6filter usebackup [ backup-number ]
netscript ip6filter exec <function-name1>|<function-name2> [chain p1 p2 ...]
DESCRIPTION
This manual page documents briefly the netscript command from the netscript
router/firewall network configuration package.
This command is used to configure/reconfigure the interface configuration, ipchains filter
setup, and ip route service ( QoS ) setup that are configured in netscript's configuration
files. It can manipulate individual interfaces, and reconfigure the iptables filter
contents and firewall setup, or reconfigure the QoS setup.
It is rather incomplete as it does not describe fully the finely tuned manipulations that
happen due to netscript's design which enables a Linux box to serve as a high availability
heavy-duty mission-critcial network router or firewall.
IPTABLES CONFIGURATION
Configuration saving is done by iptables-save(8) and iptables-restore(8).
OPTIONS
start Set up networking configruation by loading ipcahins filters, setting up bridge,
configuring interfaces and running any configured lower layer protocol daemons or
commands. For use from a startup script.
stop Shut everything down. For use from a startup script.
reload Refresh the setup of netscript except for iptables from the configuration files in
/etc/netscript
restart|force-reload
Stop everthing and then start everything again. For use from a startup script.
ifup <interface-name>|all
Bring interfaces(s) up by starting any protocol daemons, and configuring
interfaces.
ifdown <interface-name>|all
Shutdown said interface(s) by doing reverse of ifdown.
ifqos <interface-name>|all
Reload QoS configuration for interface(s).
ifreload <interface-name>|all
Refresh the interface setup and implement any configuration changes.
ifreset <interface-name>|all
Shutdown and then restart interface(s), reloading configuration from lower layer up
to the network layer.
ipfilter load|reload
Load/reload the IPv4 iptables filters and reconfigure the firewalling, from that
saved in /etc/netscript/iptables (via iptables-restore(8) ), and the QoS fair
queuing setup.
ipfilter save
Save the IPv4 iptables configuration to /etc/netscript/iptables via iptables-
save(8) , after backing it up to /etc/netscript/iptables.1 and cycling the previous
backup files down through the configuration history.
ipfilter usebackup [ backup-number ]
Restore setup from the IPv4 iptables backup configuration from
/etc/netscript/iptables.n ( default 1 ) via iptables-restore(8).
ipfilter clear|flush
Remove iptables and any firewall setup, and if IPV4_FWDING_KERNEL is set to
FILTER_ON (see network.conf(5) ), disables all IPv4 packet forwarding on the
router. Very useful for debugging protocol problems on a firewall by enabling a
reasonably safe check to be made with the filtering down.
ipfilter forward|fwd
Turns on the IPv4 kernel forwarding switch manually. This is irrespective of the
setting of IPV4_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will
allow traffic through the box.
ipfilter noforward|nofwd
Turns off the IPv4 kernel forwarding switch manually. This is irrespective of the
setting of IPV4_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will
cut off reachability.
ipfilter fairq
Reload the IPv4 fairq chain that marks the packets for the QoS interface transmit
queues.
ip6filter load|reload
Load/reload the IPv6 iptables filters and reconfigure the firewalling, from that
saved in /etc/netscript/ip6tables
(via ip6tables-restore(8) ), and the QoS fair queuing setup.
ip6filter save
Save the IPv6 iptables configuration to /etc/netscript/iptables via ip6tables-
save(8) , after backing it up to /etc/netscript/ip6tables.1 and cycling the
previous backup files down through the configuration history.
ip6filter usebackup [ backup-number ]
Restore setup from the IPv6 iptables backup configuration from
/etc/netscript/ip6tables.n ( default 1 ) via ip6tables-restore(8).
ip6filter clear|flush
Remove IPv6 iptables setup, and if IPV6_FWDING_KERNEL is set to FILTER_ON (see
network.conf(5) ), disables all IPv6 packet forwarding on the router. Very useful
for debugging protocol problems on a firewall by enabling a reasonably safe check
to be made with the filtering down.
ip6filter forward|fwd
Turns on the IPv6 kernel forwarding switch manually. This is irrespective of the
setting of IPV6_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will
allow traffic through the box.
ip6filter noforward|nofwd
Turns off the IPv6 kernel forwarding switch manually. This is irrespective of the
setting of IPV6_FWDING_KERNEL (see network.conf(5) ). Use with caution as it will
affect reachability.
ip6filter fairq
Reload the IPv6 fairq chain that marks the packets for the QoS interface transmit
queues.
FILES
/etc/netscript/if.conf, /etc/netscript/ipfilter.conf,
/etc/netscript/network.conf, /etc/netscript/qos.conf,
/etc/netscript/iptables, /etc/netscript/ip6tables,
SEE ALSO
if.conf(5), ipfilter.conf(5), network.conf(5), qos.conf(5), ip(8), tc(8), iptables(8),
iptables-restore(8), iptables-save(8), ip6tables(8), ip6tables-restore(8), ip6tables-
save(8), brcfg(8).
AUTHOR
This manual page was written by Matthew Grant <grantma@anathoth.gen.nz>, for the Debian
GNU/Linux system (but may be used by others).
BUGS
I wrote this manpage when I was half asleep...
January 24, 2003 NET(8)