ipmasq-rule(5)
NAME
ipmasq-rule - rules file used to set up IP Masquerading
SYNOPSIS
/etc/ipmasq/rules/*.{rul,def}
DESCRIPTION
- This manual page documents the rules files used by the
- ipmasq command. ipmasq sources these rules files using sh(1).
- Only those files ending with the extensions .rul or .def are
- sourced, so as to prevent old rules (for example, left around by
- editor backups) from being put back into service.
- ipmasq sources the rules files by listing the files in the
- directory /etc/ipmasq/rules with the extensions .rul or .def.
- This list is sorted, and for each basename, the .rul rule is
- sourced if it exists, otherwise the .def rule is sourced.
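The selection rule described above can be checked against a rules directory with the following POSIX sh functions. This is an added example, not ipmasq's own code; the function names effective_rules and overridden_defs and the C-locale sort order are assumptions.

```shell
#!/bin/sh
# Added example: reimplements the file selection documented in DESCRIPTION
# so an administrator can see which rules files are actually in effect.
# Not taken from ipmasq. Source this file, then call e.g.
#   effective_rules /etc/ipmasq/rules

# effective_rules DIR
# Prints one path per line in sorted basename order: NAME.rul if it exists,
# otherwise NAME.def. Any other extension (editor backups such as
# NAME.rul~ or NAME.def.bak) never matches the globs and is ignored.
effective_rules() {
    dir=$1
    for f in "$dir"/*.rul "$dir"/*.def; do
        [ -f "$f" ] || continue        # unmatched glob or not a regular file
        name=${f##*/}                  # strip the directory part
        printf '%s\n' "${name%.*}"     # strip the .rul/.def extension
    done | LC_ALL=C sort -u | while IFS= read -r base; do
        # Assumption: C-locale ordering; each basename appears once here.
        if [ -f "$dir/$base.rul" ]; then
            printf '%s\n' "$dir/$base.rul"
        else
            printf '%s\n' "$dir/$base.def"
        fi
    done
}

# overridden_defs DIR
# Prints each package default (.def) that is shadowed by a user .rul file
# with the same basename, i.e. defaults that are no longer being sourced.
overridden_defs() {
    dir=$1
    for f in "$dir"/*.def; do
        [ -f "$f" ] || continue
        [ -f "${f%.def}.rul" ] && printf '%s\n' "$f"
    done
    return 0
}
```

The output of overridden_defs is worth reviewing after a package upgrade, since an updated .def file has no effect while a .rul file of the same basename exists.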
ENVIRONMENT VARIABLES AVAILABLE TO RULES
- The following environment variables are available to
- rules:
- PATH The PATH for rules is explicitly set to
- "/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin".
- EXTERNAL_OUT
- Names of the interfaces currently sending packets
- outbound from the system to external networks.
- EXTERNAL_IN
- Names of the interfaces currently receiving packets
- inbound to the system from external networks.
- EXTERNAL
- Names of the interfaces currently connected to external
- networks. This is a combination of EXTERNAL_OUT and
- EXTERNAL_IN.
- INTERNAL
- Names of all the interfaces on the system currently
- up and configured with an IP address and netmask, with the exception
- of the loopback interface (lo), and EXTERNAL.
- IPFWADM
- Path to the ipfwadm utility. Use of this variable
- is recommended, as its use will automatically support the --display,
- --no-act, and --verbose options of ipmasq(8).
- IPCHAINS
- Path to the ipchains utility. Use of this variable
- is recommended, as its use will automatically support the --display,
- --no-act, and --verbose options of ipmasq(8).
- IPTABLES
- Path to the iptables utility. Use of this variable
- is recommended, as its use will automatically support the --display,
- --no-act, and --verbose options of ipmasq(8).
- MASQMETHOD
- One of ipfwadm, ipchains or netfilter depending on
- the interface of the currently running kernel.
- SHOWRULES
- Set to yes if ipmasq(8) has been called with either
- the --display or the --verbose flag, indicating the user wishes
- rules to be displayed.
- NOACT Set to yes if ipmasq(8) has been called with either
- the --display or the --no-act flag, indicating the user wishes
- rules not to be executed.
SHELL FUNCTIONS AVAILABLE TO RULES
The following shell functions are available to rules:
- ipnm_cache
- In order to speed the creation of the ruleset, the
- IP address and netmask of the interfaces listed in INTERNAL and
EXTERNAL
cached information. The IP address, netmask, point-to-point
peer, and broadcast address are returned in the environment variables IPOFIF, NMOFIF, PEEROFIF, and BCOFIF respectively.
FILES
- /etc/ipmasq/rules/*.def
- Package defined default rules files. Do not edit,
- instead create a .rul file.
- /etc/ipmasq/rules/*.rul
- User defined rules files. Each overrides the
- corresponding .def file.
CAVEATS
- Previous versions of ipmasq(8) guaranteed that rule files
- would be sourced using bash(1). However, since bash(1) is a
- resource hog, especially on systems often used as ipmasq boxes,
- this guarantee was removed as of ipmasq version 3.3.3. Check
- your rules files for "bashisms."
SEE ALSO
- ipmasq(8), sh(1), ipofif(8), nmofif(8), peerofif(8),
- bcofif(8), default-if(8), enumerate-if(8), ipfwadm(8),
- ipchains(8), iptables(8)
AUTHOR
- This manual page was written by Brian Bassett
- <brianb@debian.org>, for the Debian GNU/Linux system (but may be used by
- others).