Home Page The Club Computers News Links Glossary EYAWTK
Before Amiga Background ICS OCS ECS AGA ??? PPC
U-Boot SLB Linux Amiga OS Dual Boot Motherboards Peripherals Other
Initialisation Installation OS4 Updates About OS4 File Systems Networking Printing Other
Introduction File System Workbench Preferences Commands Error Msgs Miscellaneous

AmigaOS 4.0 - About OS4 - Commands

IPF Networking
Purpose: To alter packet filtering lists for IP packet input and output.
Format: IPF [ -AdDEInoPrsvVyzZ ] [ -l block | pass | nomatch]
[ -F  | o | a | s | S] -f <filename> [ -f <filename> [...]]
Template: (none)
Path: C:IPF
IPF is used to alter packet filtering lists for IP packet input and output.

IPF opens the filenames listed (treating "-" as stdin) and parses the file for a set of rules which are to be added or removed from the packet filter rule set.

As long as there are no parsing problems, each rule processed by IPF is added to the kernel's internal lists. Rules are added to the end of the internal lists, matching the order in which they appear when given to IPF.

The following options are available:

-A Sets the list to make changes to the active list (default).
-d Turns debug mode on. Causes a hexdump of filter rules to be generated as it processes each one.
-D Disables the filter (if enabled). Not effective for loadable kernel versions.
-E Enables the filter (if disabled). Not effective for loadable kernel versions.
-f <filename> This option specifies which file(s) IPF should use to get input from for modifying the packet filter rule lists.
-F i
-F o
-F a
This option specifies which filter list to flush, i.e. "i" (input), "o" (output) or "a" (remove all filter rules). Either a single letter or an entire word starting with the appropriate letter maybe used. This option maybe before, or after, any other with the order on the command line being that used to execute options.
-F s
-F S
This option specifies which entries to flush from the state table, i.e. "s" (removes state information about any non-fully established connections) or "S" (deletes the entire state table). Only one of the two options may be given. A fully established connection will show up in IPFSTAT -s output as 4/4, with deviations either way indicating it is not fully established any more.
-I Sets the list to make changes to the inactive list.
-l pass
-l block
-l nomatch
Use of the -l flag toggles default logging of packets. Valid arguments to this option are pass, block and nomatch. When an option is set, any packet which exits filtering and matches the set category is logged. This is most useful for causing all packets which don't match any of the loaded rules to be logged.
-n This flag (no-change) prevents ipf from actually making any ioctl calls or doing anything which would alter the currently running kernel.
-o Force rules by default to be added/deleted to/from the output list, rather than the (default) input list.
-P Add rules as temporary entries in the authentication rule table.
-r Remove matching filter rules rather than add them to the internal lists.
-s Swap the active filter list in use to be the "other" one.
-v Turn verbose mode on. Displays information relating to rule processing.
-V Show version information. This will display the version information compiled into the ipf binary and retrieve it from the kernel code (if running/present). If it is present in the kernel, information about its current state will be displayed (whether logging is active, default filtering, etc).
-y Manually resyncs the in-kernel interface list maintained by IP Filter with the current interface status list.
-z For each rule in the input file, resets the statistics for it to zero and displays the statistics prior to them being zero'd.
-Z Zero global statistics held in the kernel for filtering only (this doesn't affect fragment or state statistics).

Example 1:

3.OS4:> IPF -z for each rule in the input file, resets the statistics to zero and displays the statistics prior to them being zero'd.

Example 2:

3.OS4:> IPF -f ipfrules specifies the file that IPF should use to get input for modifying the packet filter rule lists.


Return to Commands Selection

Disclaimer: Amiga Auckland have prepared the above information for the use of its members based on our experiences and as such is subject to revision at any time. Amiga Auckland cannot guarantee any of the information and cannot be held accountable for any issues that may result from using it.


Copyright 2006 Amiga Auckland Inc. All rights reserved.
Revised: February 9, 2006.