knoptm (8) - Linux Manuals

knoptm: Daemon in charge to remove firewall rules.

NAME

knoptm - Daemon in charge to remove firewall rules.

DESCRIPTION

knoptm is a daemon that removes rule entries from the iptables or ipfw policies to which fwknop has added access rules for legitimate fwknop PK/SPA clients. This daemon runs in all authentication modes supported by fwknopd (both port knocking and SPA), and enforces rule timeouts that defined by the /etc/fwknop/access.conf file.

OPTIONS

-c, --config <config-file>
When run as a daemon knoptm references the file /etc/fwknop/fwknop.conf for various run-time configuration variables. The path to this file can be changed through the use of the --config command line option.
-i, --interface
Specify the interface that fwknopd sniffs to acquire packet data. This is used for running interface checks, such as checking whether the interface has been deleted and recreated (e.g. ppp restart for a VPN connection). The fwknopd daemon passes this argument on the knoptm command line.
--Debug-to-file <file>
Allow the user to collect outputs from the knoptm daemon by writing debug informations to a specific file.
--firewall-type <firewall>
Manually specify the firewall type from the command line.
-h, --help
Display usage information and exit.
-V, --Version
Display version information and exit.
--Lib-dir <directory>
Path to the perl modules directory (not usually necessary).
-l, --locale <locale>
Provide a locale setting other than the default "C" locale.
--no-locale
Do not set the locale at all so that the default system locale will apply.
--no-logs
Do not generate any log output or emails (fwknop_test.pl uses this).
--no-voluntary-exits
Disregard ENABLE_VOLUNTARY_EXITS setting. This way fwknopd/knoptm is not allowed to be restarted periodically according to EXIT_INTERVAL.
-O, --Override-config <file>
Override config variable values that are normally read from the /etc/fwknop/fwknop.conf file with values from the specified file. Multiple override config files can be given as a comma separated list.

DIAGNOSTICS

knoptm can be run in debug mode with the --debug command line option. This will disable daemon mode execution, and print verbose information to the screen on STDERR.

AUTHOR

Michael Rash <mbr [at] cipherdyne.org>

DISTRIBUTION

knoptm is distributed under the GNU General Public License (GPL), and the latest version may be downloaded from http://www.cipherdyne.org/

SEE ALSO

fwknopd(8),