urukctl(8) SYSTEM ADMINISTRATION urukctl(8)

NAME


urukctl - uruk control script

SYNOPSIS


urukctl command [argument]

DESCRIPTION


 
urukctl is the user interface for the uruk system. It is used to create or change saved iptables rulesets, to change the currently loaded rulesets and to report on uruk's status.
 
See uruk(8) for information on how to get started with the Uruk system, and for a tutorial. This manpage gives just the details on urukctl.
 
The urukctl script calls uruk to process /etc/uruk/rc. (The uruk init script calls urukctl.)
 
These 4 ruleset pairs (for both IPv4 and IPv6) exist in a system using uruk:
 
 

 
the ruleset as expressed in the uruk configuration /etc/uruk/rc,
 

 
the 2 saved rulesets in /var/lib/{iptables,ip6tables}/{active,inactive}
 

 
the ruleset as currently loaded in the running kernel
 

 
optional: more rulesets saved in /var/lib/{iptables,ip6tables}
 
arguments
 
urukctl should be called as either urukctl argument or urukctl argument option. Possible values are:
 
 

start
 
If not yet done, save current iptables status in "inactive" ruleset. (Re)build and load the "active" ruleset.
 
 

save ruleset
 
Save the current iptables status in given ruleset.
 
 

create <active|inactive>
 
Create an "active" or "inactive" ruleset with sane defaults: "active" will be based upon the uruk rc file. "inactive" will allow all traffic.
 
 

load ruleset
 
Load a saved ruleset.
 
 

reload
 
(Re)build and load the "active" ruleset, without temporarily clearing the current iptables status.
 
 

force-reload
 
(Re)build and load the "active" ruleset, in case uruk is running.
 
 

stop
 
Load the "inactive" ruleset.
 
 

restart
 
Perform stop-actions followed by start-actions.
 
 

status
 
Print the current status of the service: show which ruleset is loaded, and whether uruk is "running".
 
 

clear
 
Remove all rules and user-defined chains, set default policy to ACCEPT.
 
 

halt
 
Remove all rules and user-defined chains, set default policy to DROP.
 
 

flush
 
Flush all rules from the current iptables status.
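
The clear and halt arguments both leave an empty ruleset but with opposite default policies (ACCEPT versus DROP), so a host left in the state described for clear filters nothing. The shell function below is an added example, not part of uruk: it classifies the filter table of iptables-save output, and its name, its output labels and the sample dumps are constructed for illustration.

```shell
# Added example (not part of uruk): classify the filter table of an
# iptables-save dump. Real use, as root:  iptables-save | classify_ruleset
classify_ruleset() {
    awk '
        /^\*/      { in_filter = ($1 == "*filter") }  # table header line
        !in_filter { next }
        /^:/ {                                  # ":CHAIN POLICY [pkts:bytes]"
            if ($2 == "-")           user++     # user-defined chain
            else if ($2 == "ACCEPT") accept++
            else if ($2 == "DROP")   drop++
            else                     other++
        }
        /^-A / { rules++ }
        END {
            if (accept + drop + other == 0)    print "no-filter-table"
            else if (rules + user + other > 0) print "filtering"
            else if (drop == 0)                print "accept-all"   # as after clear
            else if (accept == 0)              print "drop-all"     # as after halt
            else                               print "mixed-policy"
        }'
}

# Constructed sample dumps, not captured from a real host.
SAMPLE_CLEAR='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
SAMPLE_HALT='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT'
SAMPLE_ACTIVE='*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:services - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j services
-A services -j ACCEPT
COMMIT'

for s in "$SAMPLE_CLEAR" "$SAMPLE_HALT" "$SAMPLE_ACTIVE"; do
    printf '%s\n' "$s" | classify_ruleset
done
```

Only the filter table is inspected; the same check can be run on ip6tables-save output for the IPv6 ruleset.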
 
configuration
 
urukctl uses the file /etc/default/uruk (on Debian, Ubuntu and related systems) or /etc/sysconfig/uruk (on Red Hat, Fedora and related systems) for configuration. Variables used in this file are:
 
 

enable_uruk_check
 
whether to check for existence and sanity of uruk rc file; set to false if you don't like this, e.g. when using the uruk initscript for managing saved rulesets only (i.e. not for calling uruk or uruk-save).
 
 

enable_ipv6
 
set to false to disable IPv6 support. Set to $(enable-ipv6) to dynamically decide whether to filter IPv6 traffic.
 
 

enable_uruk_save
 
enable calling the unstable uruk-save script.
 
 

enable_autosave
 
set to "false" to disable autosaving the active ruleset when going from start to stop.
 
 

enable_save_counters
 
set to "false" to disable saving table counters with rulesets.

SEE ALSO


uruk(8), uruk-rc(5), uruk-save(8). The Uruk homepage is at http://mdcc.cx/uruk/ .
 
iptables(8), iptables-save(8), iptables-restore(8), ip6tables(8), ip6tables-save(8), ip6tables-restore(8), http://www.netfilter.org/
 
interfaces(5), http://packages.debian.org/ifupdown.
Copyright (C) 2013 Joost van Baal-Ilić <joostvb-uruk@mdcc.cx>
 
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

AUTHOR


Joost van Baal-Ilić <joostvb-uruk@mdcc.cx>
9 Aug 2013 urukctl 20130809