knoptm (8) - Linux Manuals
knoptm: Daemon in charge to remove firewall rules.
NAME
knoptm - Daemon in charge to remove firewall rules.DESCRIPTION
knoptm is a daemon that removes rule entries from the iptables or ipfw policies to which fwknop has added access rules for legitimate fwknop PK/SPA clients. This daemon runs in all authentication modes supported by fwknopd (both port knocking and SPA), and enforces rule timeouts that defined by the /etc/fwknop/access.conf file.OPTIONS
- -c, --config
<config-file> - When run as a daemon knoptm references the file /etc/fwknop/fwknop.conf for various run-time configuration variables. The path to this file can be changed through the use of the --config command line option.
- -i, --interface
- Specify the interface that fwknopd sniffs to acquire packet data. This is used for running interface checks, such as checking whether the interface has been deleted and recreated (e.g. ppp restart for a VPN connection). The fwknopd daemon passes this argument on the knoptm command line.
- --Debug-to-file
<file> - Allow the user to collect outputs from the knoptm daemon by writing debug informations to a specific file.
- --firewall-type
<firewall> - Manually specify the firewall type from the command line.
- -h, --help
- Display usage information and exit.
- -V, --Version
- Display version information and exit.
- --Lib-dir
<directory> - Path to the perl modules directory (not usually necessary).
- -l, --locale
<locale> - Provide a locale setting other than the default "C" locale.
- --no-locale
- Do not set the locale at all so that the default system locale will apply.
- --no-logs
- Do not generate any log output or emails (fwknop_test.pl uses this).
- --no-voluntary-exits
- Disregard ENABLE_VOLUNTARY_EXITS setting. This way fwknopd/knoptm is not allowed to be restarted periodically according to EXIT_INTERVAL.
- -O, --Override-config
<file> -
Override config variable values that are normally read from the
/etc/fwknop/fwknop.conf file with values from the specified file. Multiple
override config files can be given as a comma separated list.
DIAGNOSTICS
knoptm can be run in debug mode with the --debug command line option. This will disable daemon mode execution, and print verbose information to the screen on STDERR.AUTHOR
Michael Rash <mbr [at] cipherdyne.org>DISTRIBUTION
knoptm is distributed under the GNU General Public License (GPL), and the latest version may be downloaded from http://www.cipherdyne.org/