urukctl(8)                  SYSTEM ADMINISTRATION                   urukctl(8)



  NAME
      urukctl - uruk control script

  SYNOPSIS
      urukctl command [argument]

  DESCRIPTION
      urukctl is the user interface for the uruk system. It is used to create
      or change saved iptables rulesets, to change the currently loaded
      rulesets and to report on uruk's status.

      See  uruk(8) for information on how to get started with the Uruk system,
      and for a tutorial. This manpage gives just the details on urukctl.

      The urukctl script calls uruk to process /etc/uruk/rc.  (The  uruk  init
      script calls urukctl.)

      These  4  ruleset pairs (for both IPv4 and IPv6) exist in a system using
      uruk:

      o the ruleset as expressed in the uruk configuration /etc/uruk/rc,
      o the 2 saved rulesets in /var/lib/{iptables,ip6tables}/{active,inactive}
      o the ruleset as currently loaded in the running kernel
      o optional: more rulesets saved in /var/lib/{iptables,ip6tables}

      arguments
      urukctl  should be called as either urukctl argument or urukctl argument
      option. Possible values are:

      start
        If not yet done, save current iptables status in  "inactive"  ruleset.
        (Re)build and load the "active" ruleset.

      save ruleset
        Save the current iptables status in given ruleset.

      create <active|inactive>
        Create an "active" or "inactive" ruleset with sane defaults: "active"
        will be based upon the uruk rc file. "inactive" will allow all
        traffic.

      load ruleset
        Load a saved ruleset.

      reload
        (Re)build  and load the "active" ruleset, without temporarily clearing
        the current iptables status.

      force-reload
        (Re)build and load the "active" ruleset, in case uruk is running.

      stop
        Load the "inactive" ruleset.

      restart
        Perform stop-actions followed by start-actions.

      status
        Print the current status of the service: show which ruleset is loaded,
        and whether uruk is "running".

      clear
        Remove all rules and user-defined chains, set default policy to
        ACCEPT.

      halt
        Remove all rules and user-defined chains, set default policy to DROP.

      flush
        Flush all rules from the current iptables status.
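
      Per the descriptions above, stop loads the "inactive" ruleset, and an
      "inactive" ruleset made by create allows all traffic. The following
      added example (not part of uruk) checks whether a saved ruleset filters
      anything before it is loaded; it assumes saved rulesets are in
      iptables-save(8) format, and all function and sample names are
      hypothetical.

```shell
# Added example, not part of uruk. Assumes saved rulesets are iptables-save(8) text.

# Print "<INPUT> <FORWARD> <OUTPUT> <rules>" for the filter table of the file given (or stdin).
ruleset_summary() {
    awk '
        function policy(c) { return (c in pol) ? pol[c] : "-" }
        /^\*/ { table = substr($1, 2); next }          # "*filter" opens a table
        table != "filter" { next }
        /^:(INPUT|FORWARD|OUTPUT) / { pol[substr($1, 2)] = $2; next }
        # with counters saved, rule lines read "[pkts:bytes] -A CHAIN ..."
        /^(\[[0-9]+:[0-9]+\] )?-A / { rules++ }
        END { printf "%s %s %s %d\n", policy("INPUT"), policy("FORWARD"), policy("OUTPUT"), rules }
    ' "$@"
}

# Succeed when nothing is filtered inbound: INPUT and FORWARD policy ACCEPT, no filter rules.
ruleset_is_open() {
    set -- $(ruleset_summary "$@")
    [ "$1" = ACCEPT ] && [ "$2" = ACCEPT ] && [ "$4" -eq 0 ]
}

# Constructed sample: what an allow-all "inactive" ruleset could look like.
sample_inactive() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: a filtering ruleset saved with counters.
sample_active() {
    cat <<'EOF'
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [57:4102]
[31:2604] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[2:120] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

for s in sample_inactive sample_active; do
    if $s | ruleset_is_open; then verdict="open (no filtering)"; else verdict="filtering"; fi
    printf '%-16s %s -> %s\n' "$s" "$($s | ruleset_summary)" "$verdict"
done
```

      On a host using uruk, the same check can be pointed at a saved file,
      e.g. ruleset_is_open /var/lib/iptables/inactive.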

      configuration
      urukctl uses the file /etc/default/uruk (on Debian, Ubuntu  and  related
      systems) or /etc/sysconfig/uruk (on Red Hat, Fedora and related systems)
      for configuration. Variables used in this file are:

      enable_uruk_check
        whether to check for existence and sanity of uruk rc file; set to
        false if you don't like this, e.g. when using the uruk initscript for
        managing saved rulesets only (i.e. not for calling uruk or uruk-save).

      enable_ipv6
        set to false to disable IPv6 support. Set to $(enable-ipv6) to
        dynamically decide whether to filter IPv6 traffic.

      enable_uruk_save
        enable calling the unstable uruk-save script.

      enable_autosave
        set  to  "false"  to  disable autosaving the active ruleset when going
        from start to stop.

      enable_save_counters
        set to "false" to disable saving table counters with rulesets.

  SEE ALSO
      uruk(8),   uruk-rc(5),   uruk-save(8).   The   Uruk   homepage   is   at
      http://mdcc.cx/uruk/ .

      iptables(8), iptables-save(8), iptables-restore(8), ip6tables(8),
      ip6tables-save(8), ip6tables-restore(8), http://www.netfilter.org/

      interfaces(5), http://packages.debian.org/ifupdown.

  COPYRIGHT
      Copyright (C) 2013 Joost van Baal-Ili <joostvb-uruk@mdcc.cx>

      This program is free software: you can redistribute it and/or modify  it
      under  the  terms  of the GNU General Public License as published by the
      Free Software Foundation, either version 3 of the License, or  (at  your
      option) any later version.

      This program is distributed in the hope that it will be useful, but
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
      Public License for more details.

      You should have received a copy of the GNU General Public License  along
      with this program. If not, see http://www.gnu.org/licenses/.

  AUTHOR
      Joost van Baal-Ili <joostvb-uruk@mdcc.cx>



  urukctl 20231009                    9  2023                         urukctl(8)
