-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
51 lines (43 loc) · 2.26 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
IP-ARRAY README
What is IP-Array?
IP-Array is a command-line program (you may also say `script') written for bash
(the bash shell www.gnu.org/software/bash).
It's purpose is to configure IPv4 firewalling and traffic shaping of a linux host.
To achieve this, IP-Array modifies the linux kernels netfilter / traffic control
subsystems via the userspace tools iptables / ipset / tc.
It also allows to load and / or unload netfilter related kernel modules and
configure the kernel using the sysctl program.
Intended Audience: Advanced End Users, System Administrators.
Field of application: From a single host system to a multi-homed router or gateway.
Where to get it?
IP-Array is currently hosted at sf.net.
The project page is at: http://sourceforge.net/projects/ip-array/.
Its homepage is at: http://ip-array.sourceforge.net/.
Features
It does support most features of iptables and some of xtables-addons.
- iptables rules are written in simple XML.
They can be written in different ways depending on the need.
Either as (grouped / nested) XML tags, or so called ruleblocks,
where only values have to be put into.
Their structure is defined by custom templates.
- ipset and sysctl rules are written in XML.
- Different start modi.
- Custom epilog and prolog scripts for each start mode.
- Muliple levels of output verbosity with optional syslog logging.
- Coloured output (can be disabled).
- Automatic 'jump tree' creation options.
- An interactive wizard based mode to create configuration files.
- Public functions available in rule files.
- ipset support. Besides creation of sets, they can also be imported from plain,
or in ipset save XML format formatted files.
- Some autoconfig presets for DNS, FTP, SMTP, NTP, IPSEC, etc.
- Traffic shaping - creation of htb and sfq qdiscs, tc classes and filters.
- The ability to save the generated iptables / ipset, tc rules, modprobe,
or sysctl commands, selectively or all together, to a file.
- Error handling. Previous system states can be restored on error.
- An install and uninstall script.
- Rich set of command line options.
- Bash completion compspec is included.
- A reference manual, man pages and command line help.
Installation, Configuration, System Requirements, etc.
Please read the reference manual.