Filewatcher File Search File Search
Catalog
Content Search
» » » » » arptables_0.0.3.4-1_armel.deb » Content »
pkg://arptables_0.0.3.4-1_armel.deb:33778/usr/share/man/man8/  info  control  downloads

arptables - ARP table administration…  more info»

arptables.8.gz

ARPTABLES(8)                                            ARPTABLES(8)



NAME
       arptables - ARP table administration

SYNOPSIS
       arptables [-t table] -[AD] chain rule-specification [options]
       arptables  [-t  table] -[RI] chain rulenum rule-specification
       [options]
       arptables [-t table] -D chain rulenum [options]
       arptables [-t table] -[LFZ] [chain] [options]
       arptables [-t table] -[NX] chain
       arptables [-t table] -E old-chain-name new-chain-name
       arptables [-t table] -P chain target [options]

DESCRIPTION
       arptables is a user space tool, it is  used  to  set  up  and
       maintain  the  tables of ARP rules in the Linux kernel. These
       rules inspect the ARP frames which they  see.   arptables  is
       analogous  to  the iptables user space tool, but arptables is
       less complicated.


   CHAINS
       The kernel table is used to divide functionality into differ‐
       ent sets of rules. Each set of rules is called a chain.  Each
       chain is an ordered list of rules that can match ARP  frames.
       If  a rule matches an ARP frame, then a processing specifica‐
       tion tells what to do with that matching frame. The  process‐
       ing specification is called a 'target'. However, if the frame
       does not match the current rule in the chain, then  the  next
       rule  in  the  chain  is examined and so forth.  The user can
       create new (user-defined) chains which can  be  used  as  the
       'target' of a rule.


   TARGETS
       A  firewall  rule  specifies  criteria for an ARP frame and a
       frame processing specification called a target.  When a frame
       matches  a rule, then the next action performed by the kernel
       is specified by the target.  The target can be one  of  these
       values:  ACCEPT,  DROP, CONTINUE, RETURN, an 'extension' (see
       below) or a user-defined chain.

       ACCEPT means to let the frame through.  DROP means the  frame
       has  to  be  dropped.  CONTINUE means the next rule has to be
       checked. This can be handy to know how  many  frames  pass  a
       certain  point  in  the chain or to log those frames.  RETURN
       means stop traversing this chain and resume at the next  rule
       in  the  previous (calling) chain.  For the extension targets
       please see the TARGET EXTENSIONS section of this man page.

   TABLES
       There is only one ARP table in the Linux kernel.   The  table
       is  filter.   You  can  drop  the '-t filter' argument to the
       arptables command.  The -t argument must be the  first  argu‐
       ment on the arptables command line, if used.

       -t, --table
              filter, is the only table and contains two (Linux ker‐
              nels 2.4.X) or three (Linux kernels 2.6.0  and  later)
              built-in  chains:  INPUT  (for frames destined for the
              host), OUTPUT (for locally-generated frames) and  FOR‐
              WARD  (for frames being forwarded by the bridge code).
              The FORWARD chain doesn't exist in  Linux  2.4.X  ker‐
              nels.

ARPTABLES COMMAND LINE ARGUMENTS
       After  the  initial  arptables  command  line  argument,  the
       remaining arguments can be  divided  into  several  different
       groups.   These  groups are commands, miscellaneous commands,
       rule-specifications,  match-extensions,  and   watcher-exten‐
       sions.

   COMMANDS
       The  arptables  command arguments specify the actions to per‐
       form on the table defined with the -t argument.   If  you  do
       not  use  the -t argument to name a table, the commands apply
       to the default filter table.  With the exception  of  the  -Z
       command,  only one command may be used on the command line at
       a time.

       -A, --append
              Append a rule to the end of the selected chain.

       -D, --delete
              Delete the specified rule  from  the  selected  chain.
              There  are  two ways to use this command. The first is
              by specifying an interval of rule numbers  to  delete,
              syntax:  start_nr[:end_nr].  Using negative numbers is
              allowed, for more details about  using  negative  num‐
              bers, see the -I command. The second usage is by spec‐
              ifying the complete rule as it would have been  speci‐
              fied when it was added.

       -I, --insert
              Insert  the  specified rule into the selected chain at
              the specified rule number.  If the current  number  of
              rules  equals  N,  then  the  specified  number can be
              between -N and N+1. For a positive number i, it  holds
              that  i  and i-N-1 specify the same place in the chain
              where the rule should be inserted. The number 0 speci‐
              fies  the  place  past  the last rule in the chain and
              using this number is therefore equivalent  with  using
              the -A command.

       -R, --replace
              Replaces the specified rule into the selected chain at
              the specified rule number.  If the current  number  of
              rules  equals  N,  then  the  specified  number can be
              between 1 and N. i specifies the place  in  the  chain
              where the rule should be replaced.

       -P, --policy
              Set  the policy for the chain to the given target. The
              policy can be ACCEPT, DROP or RETURN.

       -F, --flush
              Flush the selected chain. If  no  chain  is  selected,
              then  every  chain will be flushed. Flushing the chain
              does not change the policy of the chain, however.

       -Z, --zero
              Set the counters of the selected chain to zero. If  no
              chain  is  selected, all the counters are set to zero.
              The -Z command can be used in conjunction with the  -L
              command.   When  both  the -Z and -L commands are used
              together in this way, the rule counters are printed on
              the screen before they are set to zero.

       -L, --list
              List  all  rules in the selected chain. If no chain is
              selected, all chains are listed.

       -N, --new-chain
              Create a new user-defined chain with the  given  name.
              The  number  of  user-defined  chains  is unlimited. A
              user-defined chain name has maximum length of 31 char‐
              acters.

       -X, --delete-chain
              Delete the specified user-defined chain. There must be
              no remaining references to the specified chain, other‐
              wise  arptables  will refuse to delete it. If no chain
              is specified, all user-defined chains that aren't ref‐
              erenced will be removed.

       -E, --rename-chain
              Rename  the  specified  chain  to a new name.  Besides
              renaming a user-defined chain, you may rename a  stan‐
              dard  chain  name to a name that suits your taste. For
              example, if you like PREBRIDGING more than PREROUTING,
              then you can use the -E command to rename the PREROUT‐
              ING chain. If you do rename one of the standard arpta‐
              bles  chain names, please be sure to mention this fact
              should you post a question on  the  arptables  mailing
              lists.   It  would be wise to use the standard name in
              your post. Renaming a standard arptables chain in this
              fashion  has no effect on the structure or function of
              the arptables kernel table.


   MISCELLANOUS COMMANDS
       -V, --version
              Show the version of the arptables userspace program.

       -h, --help
              Give a brief description of the command syntax.

       -j, --jump target
              The target of the rule. This is one of  the  following
              values:  ACCEPT,  DROP,  CONTINUE,  RETURN,  a  target
              extension (see TARGET EXTENSIONS)  or  a  user-defined
              chain name.


   RULE-SPECIFICATIONS
       The  following command line arguments make up a rule specifi‐
       cation (as used in the add and delete commands). A "!" option
       before the specification inverts the test for that specifica‐
       tion. Apart from these standard rule specifications there are
       some other command line arguments of interest.

       -s, --source-ip [!] address[/mask]
              The Source IP specification.

       -d, --destination-ip [!] address[/mask]
              The Destination IP specification.

       --source-mac [!] address[/mask]
              The  source  mac  address.  Both  mask and address are
              written as 6 hexadecimal numbers separated by colons.

       --destination-mac [!] address[/mask]
              The destination mac address. Both mask and address are
              written as 6 hexadecimal numbers separated by colons.

       -i, --in-interface [!] name
              The  interface  via which a frame is received (for the
              INPUT and FORWARD chains).  The  flag  --in-if  is  an
              alias for this option.

       -o, --out-interface [!] name
              The  interface  via  which a frame is going to be sent
              (for the OUTPUT and FORWARD chains). The flag --out-if
              is an alias for this option.

       -l, --h-length length[/mask]
              The hardware length (nr of bytes)

       --opcode code[/mask]
              The  operation  code  (2 bytes). Available values are:
              1=Request  2=Reply  3=Request_Reverse  4=Reply_Reverse
              5=DRARP_Request       6=DRARP_Reply      7=DRARP_Error
              8=InARP_Request 9=ARP_NAK.

       --h-type type[/mask]
              The hardware type (2  bytes,  hexadecimal).  Available
              values are: 1=Ethernet.

       --proto-type type[/mask]
              The  protocol  type  (2  bytes). Available values are:
              0x800=IPv4.


   TARGET-EXTENSIONS
       arptables extensions are precompiled into the userspace tool.
       So  there is no need to explicitly load them with a -m option
       like in iptables.  However, these extensions deal with  func‐
       tionality supported by supplemental kernel modules.

   mangle
       --mangle-ip-s IP address
              Mangles Source IP Address to given value.

       --mangle-ip-d IP address
              Mangles Destination IP Address to given value.

       --mangle-mac-s MAC address
              Mangles Source MAC Address to given value.

       --mangle-mac-d MAC address
              Mangles Destination MAC Address to given value.

       --mangle-target target
              Target  of  ARP  mangle  operation  (DROP, CONTINUE or
              ACCEPT -- default is ACCEPT).


MAILINGLISTS
       ebtables-user@lists.sourceforge.net
       ebtables-devel@lists.sourceforge.net

SEE ALSO
       iptables(8),  ebtables(8),  arp(8),   rarp(8),   ifconfig(8),
       route(8)



                             August 2007                ARPTABLES(8)
Results 1 - 1 of 1
Help - FTP Sites List - Software Dir.
Search over 15 billion files
© 1997-2017 FileWatcher.com