| Version 1 (modified by , 12 years ago) (diff) |
|---|
Vuurmuur Scripting
Using the vuurmuur_script command you can modify settings from the commandline. Here you find a description of the options.
Examples:
Gives a list of all groups:
vuurmuur_script --list --group any
Gives a list of all groups in network localnet.lan
vuurmuur_script --list --group localnet.lan
Print content of host server.localnet.lan:
vuurmuur_script --print --host server.localnet.lan
Create an empty host:
vuurmuur_script --create --host pc1.localnet.lan
Set the host to active:
vuurmuur_script --modify --host pc1.localnet.lan --variable ACTIVE --set Yes
Set the ipaddress of the new host:
vuurmuur_script --modify --host pc1.localnet.lan --variable IPADDRESS --set 192.168.1.15
Append a rule to the rules list:
vuurmuur_script -M -r rules -V RULE -S "accept service ftp from pc1.localnet.lan to firewall" -A
Add the ipaddress 1.2.3.4 to the blocklist:
vuurmuur_script --block 1.2.3.4
Remove an ipaddress from the blocklist:
vuurmuur_script --unblock 1.2.3.4
Returncodes:
| 0 | ok |
| 1 | commandline option error |
| 2 | command failed |
| 3 | object supplied with -n does not exist |
| 4 | object supplied with -n already exists |
| 5 | could not allocate memory (no more free memory?) |
| 6 | found some inconsistencies in the data (this should never happen, of course) |
| 254 | internal program error |
Commandline options:
| -c | vuurmuur config file location | optional |
| -v | verbose | optional |
| -d | 1-3 debug level | optional |
| -h | print short help |
Command options:
| -C | --create | create a new object. |
| -D | --delete | delete an object. |
| -R | --rename | rename an object. The new name must be supplied with --set |
| -M | --modify | modify a variable supplied with --var in an object. Use --set for the new value. |
| -L | --list | list objects. |
| -P | print the content of an object. Use --var to print only one variable. | |
| --block | add a host to the blocklist. | |
| --unblock | remove a host from the blocklist. | |
| --list-blocked | show current blocklist | |
Object types:
| -o <name> | --host <name> | host. |
| -g <name> | --group <name> | group. |
| -n <name> | --network <name> | network. |
| -z <name> | --zone <name> | zone. |
| -s <name> | --service <name> | service. |
| -i <name> | --interface <name> | interface. |
| -r <name> | --rule <name> | rule. |
Other options:
| -A | --append | append instead of overwrite when using the modify command. |
| -O | --overwrite | overwrite when using the modify command (enabled by default) |
| -V <variable name> | --variable <variable name> | name of the variable to modify or print. Use the print command on an object to get a list of valid variables. |
| -S <value> | --set <value> | value to set on modify, or new name in case of rename. |
| --apply | applies the change directly to the running vuurmuur daemons. | |
| --noapply | does not apply the change directly to the running vuurmuur daemons when by default it would (--block and --unblock). | |
