| .\" Title: iptables-apply |
| .\" Author: Martin F. Krafft, GW |
| .\" Date: May 10, 2010 |
| .\" |
| .TH IPTABLES\-APPLY 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@" |
| .\" disable hyphenation |
| .nh |
| .SH NAME |
| iptables-apply \- a safer way to update iptables remotely |
| .SH SYNOPSIS |
| \fBiptables\-apply\fP [\-\fBhV\fP] [\fB-t\fP \fItimeout\fP] [\fB-w\fP \fIsavefile\fP] {[\fIrulesfile]|-c [runcmd]}\fP |
| .SH "DESCRIPTION" |
| .PP |
| iptables\-apply will try to apply a new rulesfile (as output by |
| iptables-save, read by iptables-restore) or run a command to configure |
| iptables and then prompt the user whether the changes are okay. If the |
| new iptables rules cut the existing connection, the user will not be |
| able to answer affirmatively. In this case, the script rolls back to |
| the previous working iptables rules after the timeout expires. |
| .PP |
| Successfully applied rules can also be written to savefile and later used |
| to roll back to this state. This can be used to implement a store last good |
| configuration mechanism when experimenting with an iptables setup script: |
| iptables-apply \-w /etc/network/iptables.up.rules \-c /etc/network/iptables.up.run |
| .PP |
| When called as ip6tables\-apply, the script will use |
| ip6tables\-save/\-restore and IPv6 default values instead. Default |
| value for rulesfile is '/etc/network/iptables.up.rules'. |
| .SH OPTIONS |
| .TP |
| \fB\-t\fP \fIseconds\fR, \fB\-\-timeout\fP \fIseconds\fR |
| Sets the timeout in seconds after which the script will roll back |
| to the previous ruleset (default: 10). |
| .TP |
| \fB\-w\fP \fIsavefile\fR, \fB\-\-write\fP \fIsavefile\fR |
| Specify the savefile where successfully applied rules will be written to |
| (default if empty string is given: /etc/network/iptables.up.rules). |
| .TP |
| \fB\-c\fP \fIruncmd\fR, \fB\-\-command\fP \fIruncmd\fR |
| Run command runcmd to configure iptables instead of applying a rulesfile |
| (default: /etc/network/iptables.up.run). |
| .TP |
| \fB\-h\fP, \fB\-\-help\fP |
| Display usage information. |
| .TP |
| \fB\-V\fP, \fB\-\-version\fP |
| Display version information. |
| .SH "SEE ALSO" |
| .PP |
| \fBiptables-restore\fP(8), \fBiptables-save\fP(8), \fBiptables\fR(8). |
| .SH LEGALESE |
| .PP |
| Original iptables-apply - Copyright 2006 Martin F. Krafft <madduck@madduck.net>. |
| Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>. |
| .PP |
| This manual page was written by Martin F. Krafft <madduck@madduck.net> and |
| extended by GW <gw.2010@tnode.com or http://gw.tnode.com/>. |
| .PP |
| Permission is granted to copy, distribute and/or modify this document |
| under the terms of the Artistic License 2.0. |