foomuuri - Man Page

foomuuri [OPTION] [COMMAND]

Foomuuri is a firewall generator for nftables based on the concept of zones. It is suitable for all systems from personal machines to corporate firewalls, and supports advanced features such as a rich rule language, IPv4/IPv6 rule splitting, dynamic DNS lookups, a D-Bus API and FirewallD emulation for NetworkManager’s zone support.

--help

display this help and exit

--verbose

verbose output

--version

output version information and exit

--set=option=value

set config option to value

start

load configuration files, generate new ruleset and load it to kernel

stop

remove ruleset from kernel

reload

same as start, followed by resolve and iplist refresh

status

show current status: running, zone-interface mapping

check

load configuration files and verify syntax

block

load “block all traffic” ruleset

list

list active ruleset currently loaded to kernel

list zone-zone {zone-zone...}

list active ruleset for zone-zone currently loaded to kernel

list macro

list all known macros

list counter

list all named counters

iplist list

list entries in all configured iplists and resolves

iplist list name {name...}

list entries in named iplist/resolve

iplist add name {timeout} ipaddress {ipaddress...}

add or refresh IP address to iplist

iplist del name ipaddress {ipaddress...}

delete IP address from iplist

iplist refresh name {name...}

refresh iplist @name entries now

set interface {interface} zone {zone}

change interface to zone

set interface {interface} zone -

remove interface from all zones

Foomuuri reads configuration files from /etc/foomuuri/*.conf. See full documentation for configuration syntax.

Kim B. Heino, b@bbbs.net, Foobar Oy

Submit bug reports <https://github.com/FoobarOy/foomuuri/issues>

Full documentation <https://github.com/FoobarOy/foomuuri/wiki>