diff options
Diffstat (limited to 'usr/src/man/man8/ipfs.8')
| -rw-r--r-- | usr/src/man/man8/ipfs.8 | 249 |
1 files changed, 249 insertions, 0 deletions
diff --git a/usr/src/man/man8/ipfs.8 b/usr/src/man/man8/ipfs.8 new file mode 100644 index 0000000000..52e9ce6d08 --- /dev/null +++ b/usr/src/man/man8/ipfs.8 @@ -0,0 +1,249 @@ +'\" te +.\" To view license terms, attribution, and copyright for IP Filter, the default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed +.\" location. +.\" Portions Copyright (c) 2008, Sun Microsystems Inc. All Rights Reserved. +.\" Portions Copyright (c) 2013, Joyent, Inc. All Rights Reserved. +.TH IPFS 8 "Oct 30, 2013" +.SH NAME +ipfs \- saves and restores information for NAT and state tables +.SH SYNOPSIS +.LP +.nf +\fBipfs\fR [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-nv\fR] \fB-l\fR +.fi + +.LP +.nf +\fBipfs\fR [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-nv\fR] \fB-u\fR +.fi + +.LP +.nf +\fBipfs\fR [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-nv\fR] [\fB-d\fR \fIdirname\fR] \fB-R\fR +.fi + +.LP +.nf +\fBipfs\fR [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-nv\fR] [\fB-d\fR \fIdirname\fR] \fB-W\fR +.fi + +.LP +.nf +\fBipfs\fR [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-nNSv\fR] [\fB-f\fR \fIfilename\fR] \fB-r\fR +.fi + +.LP +.nf +\fBipfs\fR [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-nNSv\fR] [\fB-f\fR \fIfilename\fR] \fB-w\fR +.fi + +.LP +.nf +\fBipfs\fR [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-nNSv\fR] \fB-f\fR \fIfilename\fR \fB-i\fR \fI<if1>\fR,\fI<if2>\fR +.fi + +.SH DESCRIPTION +.LP +The \fBipfs\fR utility enables the saving of state information across reboots. +Specifically, the utility allows state information created for NAT entries and +rules using "keep state" to be locked (modification prevented) and then saved +to disk. Then, after a reboot, that information is restored. The result of this +state-saving is that connections are not interrupted. +.SH OPTIONS +.LP +The following options are supported: +.sp +.ne 2 +.na +\fB\fB-d\fR\fR +.ad +.RS 6n +Change the default directory used with \fB-R\fR and \fB-W\fR options for saving +state information. +.RE + +.sp +.ne 2 +.na +\fB\fB-n\fR\fR +.ad +.RS 6n +Do not take any action that would affect information stored in the kernel or on +disk. +.RE + +.sp +.ne 2 +.na +\fB\fB-v\fR\fR +.ad +.RS 6n +Provides a verbose description of \fBipfs\fR activities. +.RE + +.sp +.ne 2 +.na +\fB\fB-N\fR\fR +.ad +.RS 6n +Operate on NAT information. +.RE + +.sp +.ne 2 +.na +\fB\fB-S\fR\fR +.ad +.RS 6n +Operate on filtering state information. +.RE + +.sp +.ne 2 +.na +\fB\fB-u\fR\fR +.ad +.RS 6n +Unlock state tables in the kernel. +.RE + +.sp +.ne 2 +.na +\fB\fB-l\fR\fR +.ad +.RS 6n +Lock state tables in the kernel. +.RE + +.sp +.ne 2 +.na +\fB\fB-r\fR\fR +.ad +.RS 6n +Read information in from the specified file and load it into the kernel. This +requires the state tables to have already been locked and does not change the +lock once complete. +.RE + +.sp +.ne 2 +.na +\fB\fB-w\fR\fR +.ad +.RS 6n +Write information out to the specified file and from the kernel. This requires +the state tables to have already been locked and does not change the lock once +complete. +.RE + +.sp +.ne 2 +.na +\fB\fB-R\fR\fR +.ad +.RS 6n +Restores all saved state information, if any, from two files, \fBipstate.ipf\fR +and \fBipnat.ipf\fR, stored in the \fB/var/db/ipf\fR directory. This directory +can be changed with the \fB-d\fR option. The state tables are locked at the +beginning of this operation and unlocked once complete. +.RE + +.sp +.ne 2 +.na +\fB\fB-W\fR\fR +.ad +.RS 6n +Saves in-kernel state information, if any, out to two files, \fBipstate.ipf\fR +and \fBipnat.ipf\fR, stored in the \fB/var/db/ipf\fR directory. This directory +can be changed with the \fB-d\fR option. The state tables are locked at the +beginning of this operation and unlocked once complete. +.RE + +.sp +.ne 2 +.na +\fB\fB-z\fR \fIzonename\fR\fR +.ad +.RS 6n +Operate on the in-zone state information for the specified zone. If neither +this option nor \fB-G\fR is specified, the current zone is used. This command +is only available in the Global Zone. See \fBZONES\fR in \fBipf\fR(8) for +more information. +.RE + +.sp +.ne 2 +.na +\fB\fB-G\fR \fIzonename\fR\fR +.ad +.RS 6n +Operate on the global zone controlled state information for the specified +zone. If neither this option nor \fB-z\fR is specified, the current zone is +used. This command is only available in the Global Zone. See \fBZONES\fR in +\fBipf\fR(8) for more information. +.RE + +.SH FILES +.RS +4 +.TP +.ie t \(bu +.el o +\fB/var/db/ipf/ipstate.ipf\fR +.RE +.RS +4 +.TP +.ie t \(bu +.el o +\fB/var/db/ipf/ipnat.ipf\fR +.RE +.RS +4 +.TP +.ie t \(bu +.el o +\fB/dev/ipl\fR +.RE +.RS +4 +.TP +.ie t \(bu +.el o +\fB/dev/ipstate\fR +.RE +.RS +4 +.TP +.ie t \(bu +.el o +\fB/dev/ipnat\fR +.RE +.SH ATTRIBUTES +.LP +See \fBattributes\fR(7) for descriptions of the following attributes: +.sp + +.sp +.TS +box; +c | c +l | l . +ATTRIBUTE TYPE ATTRIBUTE VALUE +_ +Interface Stability Committed +.TE + +.SH SEE ALSO +.LP +.BR attributes (7), +.BR zones (7), +.BR ipf (8), +.BR ipmon (8), +.BR ipnat (8) +.SH DIAGNOSTICS +.LP +Arguably, the \fB-W\fR and \fB-R\fR operations should set the locking and, +rather than undo it, restore it to what it was previously. +.sp +.LP +Fragment table information is currently not saved. |