fgadm

FGADM(8)                     System Manager's Manual                    FGADM(8)



NAME
       fgadm - filtergen command program


SYNOPSIS
       fgadm [ check | reload | save | stop ]


DESCRIPTION
       fgadm is a simple command interface for managing filtergen(8) based
       packet filters.


USAGE
       fgadm can stop the running packet filter (turning filtering off), load
       a new packet filter, save the running filter so that it persists across
       reboots, and check a filter script for errors before it is loaded.


       The following commands are accepted by fgadm:


       check  Check the filter script /etc/filtergen/rules.filter for errors.
              The generated filter will be printed on standard output, and
              errors printed to standard error.


       reload Replace the current live packet filter with the one in
              /etc/filtergen/rules.filter.  The script will be tested for errors
              before reloading.


       save   The current live packet filter will be saved in a distribution-
              friendly way.  On Red Hat systems, this will save the iptables or
              ipchains firewall that is currently loaded into the kernel to load
              at boot with the iptables or ipchains initscript.


       stop   This command flushes the current live packet filter and leaves
              the system in default-accept mode, so no firewalling is in place.
              This is useful for aborting a firewall in an emergency.


EXAMPLES
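       The following sequence of commands is useful for making firewall
       changes on live servers.  It first schedules fgadm stop with at(1), so
       that a new filter which locks the administrator out is flushed two
       minutes later; once the reloaded filter is seen to work, the pending
       job is removed and the filter is saved: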

       # at now + 2 min
       warning: commands will be executed using (in order) a) $SHELL b) login
       shell c) /bin/sh
       at> fgadm stop
       at> ^D<EOT>
       job 53 at 2004-06-07 17:25
       # fgadm check
       # fgadm reload
       # atq
       53
       # atrm 53
       # fgadm save
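
       The sequence above as a script, added here as an example and not part of
       the filtergen package: it validates before arming the at(1) rollback, so
       a broken script never triggers fgadm stop, and it cancels the rollback
       only after the operator confirms the session still works.  The function
       names, the ROLLBACK_DELAY variable and the return codes are assumptions
       of this example.

```shell
#!/bin/sh
# Added example: guarded filter reload built on the at(1) rollback shown above.
# ROLLBACK_DELAY, the function names and the return codes are assumptions.
ROLLBACK_DELAY="${ROLLBACK_DELAY:-now + 2 minutes}"

# Pull the job number out of at(1)'s "job N at DATE" line, skipping its warning.
parse_at_job() {
    sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p'
}

# Queue "fgadm stop" and print the job number; fail if at(1) reported none.
schedule_rollback() {
    job=$(echo "fgadm stop" | at $ROLLBACK_DELAY 2>&1 | parse_at_job)
    [ -n "$job" ] && echo "$job"
}

# Returns 0 only when the new filter is live, confirmed and saved.
guarded_reload() {
    # Validate first: a broken script must never arm the rollback, because the
    # rollback itself leaves the host in default-accept mode.
    fgadm check >/dev/null || { echo "check failed, nothing changed" >&2; return 1; }

    job=$(schedule_rollback) || { echo "could not schedule rollback" >&2; return 2; }

    if ! fgadm reload; then
        echo "reload failed; rollback job $job still pending (atrm $job cancels)" >&2
        return 3
    fi

    # If the new rules cut this session off, the answer never arrives and atd
    # runs the rollback on its own.
    printf 'Still connected? Type "yes" to keep the new filter: ' >&2
    read -r answer || answer=""
    if [ "$answer" = "yes" ]; then
        atrm "$job" && fgadm save
        return $?
    fi
    echo "not confirmed; job $job will run fgadm stop" >&2
    return 4
}

# Run only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then guarded_reload; fi
```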


FILES
   /etc/filtergen/rules.filter
       Packet filter descriptions are read from this file when fgadm is used.


   /etc/filtergen/fgadm.conf
       This file alters the behaviour of filtergen as called from fgadm.


BUGS
       fgadm save does not work on Debian systems with iptables due to a lack of
       common sense in the iptables package.


SEE ALSO
       filtergen(8), filter_syntax(5), filter_backends(5)


AUTHOR
       fgadm was written by Jamie Wilkinson <jaq@spacepants.org> for the
       filtergen package, to ease maintenance of filtergen-based firewalls.



                                  June 7, 2004                          FGADM(8)