core-admin/doc/qvm-tools/qvm-firewall.rst

.. program:: qvm-firewall

=======================================================
:program:`qvm-firewall` -- Qubes firewall configuration
=======================================================

Synopsis
========
| qvm-firewall [-n] <vm-name> [action] [rule spec]

Rule specification can be one of:
    1. address|hostname[/netmask] tcp|udp port[-port]
    2. address|hostname[/netmask] tcp|udp service_name
    3. address|hostname[/netmask] any

Options
=======

.. option:: --help, -h

    Show this help message and exit

.. option:: --list, -l

    List firewall settings (default action)

.. option:: --add, -a

    Add rule

.. option:: --del, -d

    Remove rule (given by number or by rule spec)

.. option:: --policy=SET_POLICY, -P SET_POLICY

    Set firewall policy (allow/deny)

.. option:: --icmp=SET_ICMP, -i SET_ICMP

    Set ICMP access (allow/deny)

.. option:: --dns=SET_DNS, -D SET_DNS

    Set DNS access (allow/deny)

.. option:: --yum-proxy=SET_YUM_PROXY, -Y SET_YUM_PROXY

    Set access to Qubes yum proxy (allow/deny).

    .. note::
       if set to "deny", access will be rejected even if policy set to "allow"

.. option:: --numeric, -n

    Display port numbers instead of services (makes sense only with :option:`--list`)

Authors
=======
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
| Marek Marczykowski <marmarek at invisiblethingslab dot com>
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`.. program:: qvm-firewall`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`=======================================================`
			:program:`qvm-firewall` -- Qubes firewall configuration
			`=======================================================`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`Synopsis`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`========`
			`\| qvm-firewall [-n] <vm-name> [action] [rule spec]`

			`Rule specification can be one of:`
			`1. address\|hostname[/netmask] tcp\|udp port[-port]`
			`2. address\|hostname[/netmask] tcp\|udp service_name`
			`3. address\|hostname[/netmask] any`

doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`Options`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`=======`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --help, -h`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Show this help message and exit`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --list, -l`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`List firewall settings (default action)`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --add, -a`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Add rule`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --del, -d`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Remove rule (given by number or by rule spec)`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --policy=SET_POLICY, -P SET_POLICY`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Set firewall policy (allow/deny)`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --icmp=SET_ICMP, -i SET_ICMP`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Set ICMP access (allow/deny)`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --dns=SET_DNS, -D SET_DNS`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Set DNS access (allow/deny)`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --yum-proxy=SET_YUM_PROXY, -Y SET_YUM_PROXY`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Set access to Qubes yum proxy (allow/deny).`

doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`.. note::`
			`if set to "deny", access will be rejected even if policy set to "allow"`

			`.. option:: --numeric, -n`

			Display port numbers instead of services (makes sense only with :option:`--list`)

			`Authors`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`=======`
			`\| Joanna Rutkowska <joanna at invisiblethingslab dot com>`
			`\| Rafal Wojtczuk <rafal at invisiblethingslab dot com>`
			`\| Marek Marczykowski <marmarek at invisiblethingslab dot com>`