test-expr — format of test-expr command-line arguments
General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes types, sections and items specific for the test-expr command-line argument.
Repeatable sections/items are marked by
the '*' before section/item name.
Configuration directives have attributes of several value-types. For the basic types description, see configuration(7).
Command-line argument test-expr can
contain following items and sections:
test ... ;
show-acl ... ;
show-proxy ... ;
show-hash ... ;
help ... ;
test [from from] [transparent] [to to] [server server] [user user] [group group] [time time];Test ACL search.
This item uses standard Kernun configuration style syntax and specifies values that will be used for entry conditions matching when searching for proper ACLs. User must enter all data needed for ACLs that will be checked during the search. For instance, if (and only if) you use the TO item in SESSION-ACLs, you must enter it here.
Example:
test-xxx -f xxx.cfg -t "test from [1.1.1.1] to [2.2.2.2] : 53;"
from from (type: host, optional, default: [0.0.0.0])Connection/request client address.
transparent (type: key, optional)Transparent/non-transparent flag.
to to (type: sock, optional, default: [0.0.0.0]:0)Connection/request destination address.
server server (type: sock, optional, default: [0.0.0.0]:0)Logical destination server address/name.
user user (type: str, optional, default: <NULL>)Proxy user name.
group group (type: str-list, optional, default: {})List of groups.
time time (type: uint32, optional, default: 0)Time (form: [[mm]dd]hhmm).
GROUP can be used only with USER.
show-acl [phase];Show ACLs from configuration.
phase (type: uint8, optional, default: 1)Phase of ACL required.
Phase must be at least 1.
show-proxy [all];Show proxy parameters from configuration.
all (type: key, optional)Show also default values.
show-hash;Show proxy configuration hash.
help;Show test-cfg man page