ippool - user interface to the IP Filter pools
ippool -a [-dnv] [-G | -z zonename] [-m poolname] [-o role] -i ipaddr
[/netmask]
ippool -A [-dnv] [-G | -z zonename] [-m poolname] [-o role] [-S seed]
[-t type]
ippool -f file [-G | -z zonename] [-dnuv]
ippool -F [-dv] [-G | -z zonename] [-o role] [-t type]
ippool -h [-dv] [-G | -z zonename] [-m poolname] [-t type]
ippool -l [-dv] [-G | -z zonename] [-m poolname] [-t type]
ippool -r [-dnv] [-G | -z zonename] [-m poolname] [-o role] -i ipaddr
[/netmask]
ippool -R [-dnv] [-G | -z zonename] [-m poolname] [-o role] [-t type]
ippool -s [-dtv] [-G | -z zonename] [-M core] [-N namelist]
The ippool utility is used to manage information stored in the IP pools
subsystem of IP Filter software. Configuration file information can be parsed
and loaded into the kernel and currently configured pools can be removed,
changed, or inspected.
ippool's use is restricted through access to
/dev/ippool. The default permissions of /dev/ippool require
ippool to be run as root for all operations.
The command line options used are divided into two sections: the
global options and the instance-specific options.
ippool's use is restricted through access to
/dev/ipauth, /dev/ipl, and /dev/ipstate. The default
permissions of these files require ippool to be run as root for all
operations.
ippool supports the option categories described below.
The following global options are supported:
-d
Toggle debugging of processing the configuration
file.
-n
Prevents ippool from doing anything, such as
making ioctl calls, that would alter the currently running kernel.
-v
Turn verbose mode on.
-z zonename
Manage the specified zone's in-zone IP pools. If neither
this option nor
-G is specified, the current zone is used. This command
is only available in the Global Zone. See
ZONES in
ipf(8) for
more information.
-G zonename
Manage the specified zone's global zone controlled IP
pools. If neither this option nor
-z is specified, the current zone is
used. This command is only available in the Global Zone. See
ZONES in
ipf(8) for more information.
The following instance-specific options are supported:
-a
Add a new data node to an existing pool in the
kernel.
-A
Add a new (empty) pool to the kernel.
-f file
Read in IP pool configuration information from
file and load it into the kernel.
-F
Flush loaded pools from the kernel.
-h
Display a list of pools of the type: hash loaded in the
kernel.
-l
Display a list of pools of the type: tree loaded in the
kernel.
-r
Remove an existing data node from a pool in the
kernel.
-R
Remove an existing pool from within the kernel.
-s
Display IP pool statistical information.
The following, additional options are supported:
-i ipaddr[/netmask]
Sets the IP address for the operation being undertaken
with an all-one's mask or, optionally, a specific netmask, given in either
dotted-quad notation or as a single integer.
-m poolname
Sets the pool name for the current operation.
-M core
Specify an alternative path to /dev/kmem from
which to retrieve statistical information.
-N namelist
Specify an alternative path to lookup symbol name
information when retrieving statistical information.
-o role
Sets the role with which this pool is to be used.
Currently only ipf, auth, and count are accepted as
arguments to this option.
-S seed
Sets the hashing seed to the number specified. For use
with hash-type pools only.
-t type
Sets the type of pool being defined. Must be one of
pool, hash, or group-map.
-u
When parsing a configuration file, rather than load new
pool data into the kernel, unload it.
/dev/ippool
Link to IP Filter pseudo device.
/dev/kmem
Special file that provides access to virtual address
space.
/etc/ipf/ippool.conf
Location of ippool startup configuration
file.
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE
TYPE |
ATTRIBUTE VALUE |
Interface Stability |
Committed |