.\" @(#)fw.rule.1 1.3 99/03/31 SMI;
.\" Copyright (c) 1999, Sun Microsystems, Inc.
.\" All Rights Reserved
.TH fw.rule 1 "31 March 1999" " "
.SH NAME
fw.rule \- manipulate the firewall packet filtering rule definitions 
.SH SYNOPSIS
\f3fw.rule add \f1[\f3ALLOW \f1| \f3DENY\f1] \f2service \f3from \f2src-ipaddress \f3to \f2dest-ipaddress\f1
.LP
\f3fw.rule delete \f2rule_number\f1
.LP
\f3fw.rule list \f3rule \f1| \f3service\f1 | \f3interface\f1
.LP
\f3fw.rule move \f2from_rule_number to_rule_number\f1
.SH DESCRIPTION
.IX "manipulate the firewall packet filtering rule definitions " "" "manipulate the firewall packet filtering rule definitions  \(em \fLfw.rule\fP"
.IX "fw.rule" "" "\fLfw.rule\fP \(em manipulate the firewall packet filtering rule definitions "
.IX "manipulate the firewall packet filtering rule definitions " "fw.rule" "" "\(em \fLfw.rule\fP"
.IX "fw.rule" "" "\fLfw.rule\fP \(em manipulate the firewall packet filtering rule definitions "
The
.B fw.rule
utility manipulates the firewall's packet filtering rules.
.SH OPTIONS
The following options are supported:
.TP
\f3add \f1[\f3ALLOW \f1| \f3DENY\f1] \f2service \f3from \f2src-ipaddress \f3to \f2dest-ipaddress\f1
Add a new packet filter rule.  ALLOW indicates passing the packet through.
DENY indicates rejecting the packet.  The
.I service
argument defines the packet type.  The
.I src-ipaddress
argument is the source IP address of the packet and
.I dest-ipaddress
is the destination address of the packet.
ALL can be use in place of
.I src-ipaddress
or
.I dest-ipaddress
to refer to any or all addresses.
.TP
\f3delete \f2rule_number\f1
Delete the packet filter rule with the specify rule number.
The rule number can be obtained by specifying 
.BR "fw.rule list rule" .
.TP
\f3list \f1[\f3rule \f1| \f3service \f1| \f3interface\f1]
Display a list of current packet filtering rules, a list of services
(packet types), or the network interface status (to determine
whether or not the interface is currently under the firewall control).
.TP
\f3move \f2from_rule_number to_rule_number\f1
Re-order the order in which the packet filtering rules are examined.
The rules are examined beginning with rule #1 until either a matching
rule is found or the last rule is examined.  If a matching rule is
not found, the packet is denied.
.SH ATTRIBUTES
Interface Stability:
.br
Sun Microsystems, Inc., reserves the right to change the interface
definitions in a minor release. However, Sun Microsystems, Inc.,
will make every effort to preserve the minimal interface definitions presented; 
they were chosen in a hope to fulfill a goal of not changing them.
In the future, it is intended that a stronger commitment will be made
to these interface definitions, which will guarantee them across 
minor releases.