Vuurmuur Scripting

Using the vuurmuur_script command you can modify settings from the command line. Below you will find a description of the options.

Examples:

Gives a list of all groups:

vuurmuur_script --list --group any

Gives a list of all groups in network localnet.lan:

vuurmuur_script --list --group localnet.lan

Print content of host server.localnet.lan:

vuurmuur_script --print --host server.localnet.lan

Create an empty host:

vuurmuur_script --create --host pc1.localnet.lan

Set the host to active:

vuurmuur_script --modify --host pc1.localnet.lan --variable ACTIVE --set Yes

Set the IP address of the new host:

vuurmuur_script --modify --host pc1.localnet.lan --variable IPADDRESS --set 192.168.1.15

Append a rule to the rules list:

vuurmuur_script -M -r rules -V RULE -S "accept service ftp from pc1.localnet.lan to firewall" -A

Add the IP address 1.2.3.4 to the blocklist:

vuurmuur_script --block 1.2.3.4

Remove an IP address from the blocklist:

vuurmuur_script --unblock 1.2.3.4

Return codes:

0      ok
1      commandline option error
2      command failed
3      object supplied with -n does not exist
4      object supplied with -n already exists
5      could not allocate memory (no more free memory?)
6      found some inconsistencies in the data (this should never happen, of course)
254    internal program error

Commandline options:

-c    vuurmuur config file location    optional
-v    verbose                          optional
-d    1-3 debug level                  optional
-h    print short help

Command options:

-C    --create          create a new object.
-D    --delete          delete an object.
-R    --rename          rename an object. The new name must be supplied with --set
-M    --modify          modify a variable supplied with --var in an object. Use --set for the new value.
-L    --list            list objects.
-P    --print           print the content of an object. Use --var to print only one variable.
      --block           add a host to the blocklist.
      --unblock         remove a host from the blocklist.
      --list-blocked    show current blocklist
      --reload          signals the vuurmuur and vuurmuur_log processes to reload their config. This has the same effect as 'apply changes' from vuurmuur_conf

Object types:

-o <name>    --host <name>         host.
-g <name>    --group <name>        group.
-n <name>    --network <name>      network.
-z <name>    --zone <name>         zone.
-s <name>    --service <name>      service.
-i <name>    --interface <name>    interface.
-r <name>    --rule <name>         rule.

Other options:

-A                    --append                      append instead of overwrite when using the modify command.
-O                    --overwrite                   overwrite when using the modify command (enabled by default)
-V <variable name>    --variable <variable name>    name of the variable to modify or print. Use the print command on an object to get a list of valid variables.
-S <value>            --set <value>                 value to set on modify, or new name in case of rename.
                      --apply                       applies the change directly to the running vuurmuur daemons.
                      --noapply                     does not apply the change directly to the running vuurmuur daemons when by default it would (--block and --unblock).
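
An added example, not part of the original page or of the Vuurmuur project: a wrapper for scripts that pass addresses from logs or other untrusted input to --block. It accepts only a dotted-quad IPv4 address (so a value can never be read as another option), refuses addresses on a never-block list, and reports the return codes listed above. VUURMUUR_SCRIPT, NEVER_BLOCK, the sample addresses and return code 64 are assumptions of this example.

```shell
#!/bin/sh
# Added example: guarded wrapper around "vuurmuur_script --block".
# VUURMUUR_SCRIPT, NEVER_BLOCK and return code 64 are choices of this example.
VUURMUUR_SCRIPT=${VUURMUUR_SCRIPT:-vuurmuur_script}
NEVER_BLOCK=${NEVER_BLOCK:-"127.0.0.1 192.168.1.1"}   # constructed sample values

# Succeeds only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # also rejects anything starting with "-"
    esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}; n=$((n + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# Block one address. Returns vuurmuur_script's return code, or 64 when the
# input is refused before vuurmuur_script is ever called.
safe_block() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "refused: not an IPv4 address: $ip" >&2
        return 64
    fi
    for keep in $NEVER_BLOCK; do
        if [ "$ip" = "$keep" ]; then
            echo "refused: $ip is on the never-block list" >&2
            return 64
        fi
    done
    rc=0
    "$VUURMUUR_SCRIPT" --block "$ip" || rc=$?
    case $rc in
        0)   echo "blocked $ip" ;;
        1)   echo "commandline option error" >&2 ;;
        2)   echo "command failed" >&2 ;;
        5)   echo "could not allocate memory" >&2 ;;
        6)   echo "inconsistencies found in the data" >&2 ;;
        254) echo "internal program error" >&2 ;;
        *)   echo "unexpected return code $rc" >&2 ;;
    esac
    return "$rc"
}
```

Source the file and call safe_block with one address per invocation; put the firewall's own management addresses in NEVER_BLOCK so an automated feed cannot lock you out.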
Last modified on 07/23/08 18:15:02