Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
APPJAIL-EXPOSE(1)	    General Commands Manual	     APPJAIL-EXPOSE(1)

NAME
       appjail-expose -- Port forwarding from host port	to jail	port

SYNOPSIS
       appjail expose get [-eHIipt] -n nro jail	[keyword ...]
       appjail expose list [-eHIipt] [-n nro] jail [keyword ...]
       appjail expose off jail
       appjail expose on jail
       appjail expose remove [all|nro nro] jail
       appjail	expose	set  -k	 network  -p hport[:jport] [[-E|-e]] [[-t|-u]]
	       [-I  address]  [-i  interface]  [-l  [-|options]]   [-N	 name]
	       [-n [auto|nro]] [-o interface] jail
       appjail expose status jail

DESCRIPTION
       The  appjail  expose  utility  configures, lists, enables, and disables
       rules to	perform	port forwarding	from a host port to a jail port.

       The options are as follows:

       get [-eHIipt] -n	nro jail [keyword ...]
	    Get	information about current rules	, that is,  the	 keyword  that
	    represent the information to be obtained. Multiple keywords	can be
	    specified,	which  are  displayed as a table-like interface	in the
	    order in which they	are specified.	If no  keyword	is  specified,
	    the	  defaults   are  nro,	enabled,  name,	 ports,	 protocol  and
	    network_name.

	    See	"KEYWORDS" for a list of available keywords.

	    -e	Not required when using	-p .  The \t character is used to  de-
		limit  columns,	 so as not to show strange values, this	option
		shows <TAB> instead of \t in the case that  a  value  contains
		the latter.

	    -H	Shows the name of the columns.

	    -I	Include	 empty	values.	 By default, a minus sign is displayed
		when a value is	empty.

	    -i	Don't complain when nro	doesn't	exist.

	    -p	Columnate the list.

	    -t	Tabulate columns and values.

	    -n nro
		Identifier.

       list [-eHIipt] [-n nro] jail [keyword ...]
	    Similar to get but shows each keyword for  each  rule  in  a  nice
	    table.

	    -e,	-H, -I,	-p, -t
		All  of	these options perform the opposite task	of the options
		described in get.

	    -i	Perform	the same task as described in get .

	    -n nro
		Only show information for nro.

       off jail
	    Flush the rules currently in use.

       on jail
	    Load enabled rules configured by set .

       remove [all|nro nro] jail
	    Remove a given rule.

	    all
		Remove all rules.

	    nro	nro
		Remove the rule	specified by nro .
	    ] jail

       set -k network -p hport[:jport]	[[-E|-e]]  [-t|-u]  [-I	 address]  [-i
	    interface]	 [-l   [-|options]]  [-N  name]	 [-n  [auto|nro]]  [-o
	    interface]
	    Configure a	new or existing	rule.

	    -k network
		Get the	jail's IPv4 address from network ,  required  for  the
		rule.

		If  you	are configuring	a rule that already has	this value, it
		becomes	optional, so you can ignore it if you wish.

	    -p hport[:jport]
		Forward	the hport port to the jport port.

		hport is the host or external port and jport if	the port  cur-
		rently	listening  to  the application within the jail.	If not
		set, hport is used.

		Both hport and jport can be specified using symbolic names  as
		described in services(5).

		If  you	are configuring	a rule that already has	this value, it
		becomes	optional, so you can ignore it if you wish.

	    [-E|-e]
		Enable (-E) or disable (-e) this rule.

	    -t|-u
		Use TCP	(-t) or	UDP (-u) .  By default is TCP

	    -I address
		Use address as the external IPv4 address instead of the	 first
		matching  IPv4	address.  The  IPv4  address must exist	on the
		specified external interface before executing this command.

	    -i interface
		Interface to obtain the	external IPv4 address. If not set, the
		interface specified by the EXT_IF parameter is used.

	    -l [-|options]
		Firewall-specific logging options. Use a minus sign to	enable
		logging, but without options.
		]

	    -N name
		Service	description.

	    -n [auto|nro]
		Identifier.  An	 identifier  is	composed of a positive number.
		Use auto (default) to get the lowest identifier	value.

	    -o interface
		Apply rules to packets coming in on,  or  going	 out  through,
		this  interface.  If  not  set,	the interface specified	by the
		ON_IF parameter	is used.

       status jail
	    Shows the rule that	is currently in	use or an error	if it  is  not
	    yet	applied.

KEYWORDS
       enabled
	   Shows 1 if the rule is enabled, 0 if	it is not.

       name
	   Service description.

       hport
	   External port.

       jport
	   Internal port.

       ext_if
	   Interface to	obtain the external IPv4 address.

       on_if
	   Apply rules to packets coming in on,	or going out through, this in-
	   terface.

       network_name
	   Network used	to obtain the jail's IPv4 address.

       nro
	   Identifier.

       ports
	   Exposed ports.

       protocol
	   Protocol, i.e. TCP or UDP in	lowercase.

       rule
	   The rule that will be applied.

EXIT STATUS
       The  appjail  expose utility exits 0 on success,	and >0 if an error oc-
       curs.

SEE ALSO
       appjail-quick(1)	sysexits(3)

AUTHORS
       Jess Daniel Colmenares Oviedo <DtxdF@disroot.org>

FreeBSD	ports 15.0		 April 6, 2024		     APPJAIL-EXPOSE(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=appjail-expose&sektion=1&manpath=FreeBSD+Ports+15.0>

home | help