ipmasq-rule - rules file used to set up IP Masquerading
SYNOPSIS
/etc/ipmasq/rules/*.{rul,def}
DESCRIPTION
This manual page documents the rules files used by the ipmasq command.
ipmasq sources these rules files using sh(1). Only those files ending with the extensions .rul or .def are sourced, so as to prevent old rules (for example, left around by editor backups) from being put back into service.
ipmasq sources the rules files by listing the files in the directory /etc/ipmasq/rules with the extensions .rul or .def. This list is sorted, and for each basename, the .rul rule is sourced if it exists, otherwise the .def rule is sourced.
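The selection rule above, as an added example in POSIX sh (not ipmasq's own code): select_rules lists the files that would be sourced from a directory, and audit_rules reports defaults shadowed by a .rul file and files that are never sourced. The function names, the sample file names and the C collation used for the sort are assumptions.

```shell
#!/bin/sh
# Added example: POSIX sh re-implementation of the selection rule in
# DESCRIPTION. Not ipmasq's own code; function names are hypothetical.

# select_rules DIR: print the files that would be sourced, in order.
# Assumption: the sorted list uses C collation.
select_rules() {
    dir=$1
    for f in "$dir"/*.rul "$dir"/*.def; do
        [ -f "$f" ] || continue      # an unmatched glob stays literal
        b=${f##*/}
        printf '%s\n' "${b%.*}"      # basename without its extension
    done | LC_ALL=C sort -u | while IFS= read -r base; do
        if [ -f "$dir/$base.rul" ]; then
            printf '%s\n' "$dir/$base.rul"   # .rul wins when it exists
        else
            printf '%s\n' "$dir/$base.def"
        fi
    done
}

# audit_rules DIR: report shadowed defaults and files that are never sourced.
audit_rules() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.def) if [ -f "${f%.def}.rul" ]; then
                       printf 'OVERRIDDEN %s\n' "${f##*/}"
                   fi ;;
            *.rul) ;;
            *)     printf 'IGNORED %s\n' "${f##*/}" ;;
        esac
    done
}

# Constructed sample directory (hypothetical file names).
demo=$(mktemp -d)
: > "$demo/A01interfaces.def"
: > "$demo/I80tcp.def"
: > "$demo/I80tcp.rul"
: > "$demo/I80tcp.rul~"              # editor backup, never sourced
: > "$demo/Z99local.rul"
select_rules "$demo"
audit_rules "$demo"
rm -rf "$demo"
```

Run against /etc/ipmasq/rules, the OVERRIDDEN lines show which package defaults a local .rul file has replaced, which is the first thing to review when the active ruleset differs from what the package ships.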
ENVIRONMENT VARIABLES AVAILABLE TO RULES
The following environment variables are available to rules:
PATH
The PATH for rules is explicitly set to "/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin".
EXTERNAL_OUT
Names of the interfaces currently sending packets outbound from the system to external networks.
EXTERNAL_IN
Names of the interfaces currently receiving packets inbound to the system from external networks.
EXTERNAL
Names of the interfaces currently connected to external networks. This is a combination of EXTERNAL_OUT and EXTERNAL_IN.
INTERNAL
Names of all the interfaces on the system currently up and configured with an IP address and netmask, with the exception of the loopback interface (lo) and the interfaces in EXTERNAL.
IPFWADM
Path to the ipfwadm utility. Use of this variable is recommended, as its use will automatically support the --display, --no-act, and --verbose options of ipmasq(8).
IPCHAINS
Path to the ipchains utility. Use of this variable is recommended, as its use will automatically support the --display, --no-act, and --verbose options of ipmasq(8).
IPTABLES
Path to the iptables utility. Use of this variable is recommended, as its use will automatically support the --display, --no-act, and --verbose options of ipmasq(8).
MASQMETHOD
One of ipfwadm, ipchains or netfilter depending on the interface of the currently running kernel.
SHOWRULES
Set to yes if ipmasq(8) has been called with either the --display or the --verbose flag, indicating the user wishes rules to be displayed.
NOACT
Set to yes if ipmasq(8) has been called with either the --display or the --no-act flag, indicating the user wishes rules not to be executed.
SHELL FUNCTIONS AVAILABLE TO RULES
The following shell functions are available to rules:
ipnm_cache
In order to speed the creation of the ruleset, the IP address and netmask of the interfaces listed in INTERNAL and EXTERNAL are cached. Call ipnm_cache interface to retrieve the cached information. The IP address, netmask, point-to-point peer, and broadcast address are returned in the environment variables IPOFIF, NMOFIF, PEEROFIF, and BCOFIF respectively.
FILES
/etc/ipmasq/rules/*.def
Package-defined default rules files. Do not edit these; instead, create a .rul file.
/etc/ipmasq/rules/*.rul
User-defined rules files. Each overrides the corresponding .def file.
CAVEATS
Previous versions of ipmasq(8) guaranteed that rule files would be sourced using bash(1). However, since bash(1) is a resource hog, especially on systems often used as ipmasq boxes, this guarantee was removed as of ipmasq version 3.3.3. Check your rules files for "bashisms."