| blob | 86ac6962b720f70d6a7a4696211faec0fe75bce4 |
1 '\" te
2 .\" To view license terms, attribution, and copyright for IP Filter, the default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed
3 .\" location.
4 .\" Portions Copyright (c) 2008, Sun Microsystems Inc. All Rights Reserved.
5 .\" Portions Copyright (c) 2012, Joyent, Inc. All Rights Reserved.
6 .TH IPPOOL 8 "Nov 26, 2012"
7 .SH NAME
8 ippool \- user interface to the IP Filter pools
9 .SH SYNOPSIS
10 .LP
11 .nf
12 \fBippool\fR \fB-a\fR [\fB-dnv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-m\fR \fIpoolname\fR] [\fB-o\fR \fIrole\fR] \fB-i\fR \fIipaddr\fR
13 [/\fInetmask\fR]
14 .fi
16 .LP
17 .nf
18 \fBippool\fR \fB-A\fR [\fB-dnv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-m\fR \fIpoolname\fR] [\fB-o\fR \fIrole\fR] [\fB-S\fR \fIseed\fR]
19 [\fB-t\fR \fItype\fR]
20 .fi
22 .LP
23 .nf
24 \fBippool\fR \fB-f\fR \fIfile\fR [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-dnuv\fR]
25 .fi
27 .LP
28 .nf
29 \fBippool\fR \fB-F\fR [\fB-dv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-o\fR \fIrole\fR] [\fB-t\fR \fItype\fR]
30 .fi
32 .LP
33 .nf
34 \fBippool\fR \fB-h\fR [\fB-dv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-m\fR \fIpoolname\fR] [\fB-t\fR \fItype\fR]
35 .fi
37 .LP
38 .nf
39 \fBippool\fR \fB-l\fR [\fB-dv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-m\fR \fIpoolname\fR] [\fB-t\fR \fItype\fR]
40 .fi
42 .LP
43 .nf
44 \fBippool\fR \fB-r\fR [\fB-dnv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-m\fR \fIpoolname\fR] [\fB-o\fR \fIrole\fR] \fB-i\fR \fIipaddr\fR
45 [/\fInetmask\fR]
46 .fi
48 .LP
49 .nf
50 \fBippool\fR \fB-R\fR [\fB-dnv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-m\fR \fIpoolname\fR] [\fB-o\fR \fIrole\fR] [\fB-t\fR \fItype\fR]
51 .fi
53 .LP
54 .nf
55 \fBippool\fR \fB-s\fR [\fB-dtv\fR] [\fB-G\fR | \fB-z\fR \fIzonename\fR] [\fB-M\fR \fIcore\fR] [\fB-N\fR \fInamelist\fR]
56 .fi
58 .SH DESCRIPTION
59 .LP
60 The \fBippool\fR utility is used to manage information stored in the IP pools
61 subsystem of IP Filter software. Configuration file information can be parsed
62 and loaded into the kernel and currently configured pools can be removed,
63 changed, or inspected.
64 .sp
65 .LP
66 \fBippool\fR's use is restricted through access to \fB/dev/ippool\fR. The
67 default permissions of \fB/dev/ippool\fR require \fBippool\fR to be run as root
68 for all operations.
69 .sp
70 .LP
71 The command line options used are divided into two sections: the global options
72 and the instance-specific options.
73 .sp
74 .LP
75 \fBippool\fR's use is restricted through access to \fB/dev/ipauth\fR,
76 \fB/dev/ipl\fR, and \fB/dev/ipstate\fR. The default permissions of these files
77 require \fBippool\fR to be run as root for all operations.
78 .SH OPTIONS
79 .LP
80 \fBippool\fR supports the option categories described below.
81 .SS "Global Options"
82 .LP
83 The following global options are supported:
84 .sp
85 .ne 2
86 .na
87 \fB\fB-d\fR\fR
88 .ad
89 .RS 6n
90 Toggle debugging of processing the configuration file.
91 .RE
93 .sp
94 .ne 2
95 .na
96 \fB\fB-n\fR\fR
97 .ad
98 .RS 6n
99 Prevents \fBippool\fR from doing anything, such as making ioctl calls, that
100 would alter the currently running kernel.
101 .RE
103 .sp
104 .ne 2
105 .na
106 \fB\fB-v\fR\fR
107 .ad
108 .RS 6n
109 Turn verbose mode on.
110 .RE
112 .sp
113 .ne 2
114 .na
115 \fB\fB-z\fR \fIzonename\fR\fR
116 .ad
117 .RS 6n
118 Manage the specified zone's in-zone IP pools. If neither this option nor
119 \fB-G\fR is specified, the current zone is used. This command is only
120 available in the Global Zone. See \fBZONES\fR in \fBipf\fR(1m) for more
121 information.
122 .RE
124 .sp
125 .ne 2
126 .na
127 \fB\fB-G\fR \fIzonename\fR\fR
128 .ad
129 .RS 6n
130 Manage the specified zone's global zone controlled IP pools. If neither this
131 option nor \fB-z\fR is specified, the current zone is used. This command is
132 only available in the Global Zone. See \fBZONES\fR in \fBipf\fR(1m) for more
133 information.
134 .RE
136 .SS "Instance-Specific Options"
137 .LP
138 The following instance-specific options are supported:
139 .sp
140 .ne 2
141 .na
142 \fB\fB-a\fR\fR
143 .ad
144 .RS 11n
145 Add a new data node to an existing pool in the kernel.
146 .RE
148 .sp
149 .ne 2
150 .na
151 \fB\fB-A\fR\fR
152 .ad
153 .RS 11n
154 Add a new (empty) pool to the kernel.
155 .RE
157 .sp
158 .ne 2
159 .na
160 \fB\fB-f\fR \fIfile\fR\fR
161 .ad
162 .RS 11n
163 Read in IP pool configuration information from \fIfile\fR and load it into the
164 kernel.
165 .RE
167 .sp
168 .ne 2
169 .na
170 \fB\fB-F\fR\fR
171 .ad
172 .RS 11n
173 Flush loaded pools from the kernel.
174 .RE
176 .sp
177 .ne 2
178 .na
179 \fB\fB-h\fR\fR
180 .ad
181 .RS 11n
182 Display a list of pools of the type: hash loaded in the kernel.
183 .RE
185 .sp
186 .ne 2
187 .na
188 \fB\fB-l\fR\fR
189 .ad
190 .RS 11n
191 Display a list of pools of the type: tree loaded in the kernel.
192 .RE
194 .sp
195 .ne 2
196 .na
197 \fB\fB-r\fR\fR
198 .ad
199 .RS 11n
200 Remove an existing data node from a pool in the kernel.
201 .RE
203 .sp
204 .ne 2
205 .na
206 \fB\fB-R\fR\fR
207 .ad
208 .RS 11n
209 Remove an existing pool from within the kernel.
210 .RE
212 .sp
213 .ne 2
214 .na
215 \fB\fB-s\fR\fR
216 .ad
217 .RS 11n
218 Display IP pool statistical information.
219 .RE
221 .SS "Other Options"
222 .LP
223 The following, additional options are supported:
224 .sp
225 .ne 2
226 .na
227 \fB\fB-i\fR \fIipaddr\fR[/\fInetmask\fR]\fR
228 .ad
229 .RS 23n
230 Sets the IP address for the operation being undertaken with an all-one's mask
231 or, optionally, a specific netmask, given in either dotted-quad notation or as
232 a single integer.
233 .RE
235 .sp
236 .ne 2
237 .na
238 \fB\fB-m\fR \fIpoolname\fR\fR
239 .ad
240 .RS 23n
241 Sets the pool name for the current operation.
242 .RE
244 .sp
245 .ne 2
246 .na
247 \fB\fB-M\fR \fIcore\fR\fR
248 .ad
249 .RS 23n
250 Specify an alternative path to \fB/dev/kmem\fR from which to retrieve
251 statistical information.
252 .RE
254 .sp
255 .ne 2
256 .na
257 \fB\fB-N\fR \fInamelist\fR\fR
258 .ad
259 .RS 23n
260 Specify an alternative path to lookup symbol name information when retrieving
261 statistical information.
262 .RE
264 .sp
265 .ne 2
266 .na
267 \fB\fB-o\fR \fIrole\fR\fR
268 .ad
269 .RS 23n
270 Sets the role with which this pool is to be used. Currently only \fBipf\fR,
271 \fBauth\fR, and \fBcount\fR are accepted as arguments to this option.
272 .RE
274 .sp
275 .ne 2
276 .na
277 \fB\fB-S\fR \fIseed\fR\fR
278 .ad
279 .RS 23n
280 Sets the hashing seed to the number specified. For use with hash-type pools
281 only.
282 .RE
284 .sp
285 .ne 2
286 .na
287 \fB\fB-t\fR \fItype\fR\fR
288 .ad
289 .RS 23n
290 Sets the type of pool being defined. Must be one of \fBpool\fR, \fBhash\fR, or
291 \fBgroup-map\fR.
292 .RE
294 .sp
295 .ne 2
296 .na
297 \fB\fB-u\fR\fR
298 .ad
299 .RS 23n
300 When parsing a configuration file, rather than load new pool data into the
301 kernel, unload it.
302 .RE
304 .SH FILES
305 .ne 2
306 .na
307 \fB\fB/dev/ippool\fR\fR
308 .ad
309 .RS 24n
310 Link to IP Filter pseudo device.
311 .RE
313 .sp
314 .ne 2
315 .na
316 \fB\fB/dev/kmem\fR\fR
317 .ad
318 .RS 24n
319 Special file that provides access to virtual address space.
320 .RE
322 .sp
323 .ne 2
324 .na
325 \fB\fB/etc/ipf/ippool.conf\fR\fR
326 .ad
327 .RS 24n
328 Location of \fBippool\fR startup configuration file.
329 .RE
331 .SH ATTRIBUTES
332 .LP
333 See \fBattributes\fR(5) for descriptions of the following attributes:
334 .sp
336 .sp
337 .TS
338 box;
339 c | c
340 l | l .
341 ATTRIBUTE TYPE ATTRIBUTE VALUE
342 _
343 Interface Stability Committed
344 .TE
346 .SH SEE ALSO
347 .LP
348 \fBipf\fR(8), \fBipfstat\fR(8), \fBippool\fR(4), \fBattributes\fR(5),
349 \fBzones(5)\fR