Barracuda CloudGen Firewall

acpfctrl

Use Barracuda NextGen Admin to configure your unit. Do not configure your system with the acpfctrl utility unless you are advised to do so by Barracuda Networks Technical Support.

To view information and settings for the firewall module (acpf), use the acpfctrl utility.

List of all acpfctrl options:

    [root@HQ-NG1:~]# acpfctrl
    use: acpfctrl [start stop parp noping srvport bacl lproto realm cache nattable fwd param suspend resume version]
      start        Load module, caches and rules
      stop         Save caches and unload module
      parp         Proxy ARP control
      noping       Non local ECHO handled IPs
      bacl         Box access control list
      lproto       Locally handled IP Protocols
      realm        Device realm assignment
      device       Show device information
      sync         TF sync control
      tune         Tuning control
      cache        Cache control
      fwd          passthru forwarding
      srvport      Service to Port Mapping
      nattable     plugin nattables
      plugdebug    plugin debuglevel
      sip          SIP call table
      arp          ARP request interface matching
      bridge       bridging group manipulation
      term         Terminate slots
      param        ACPF parameters
      l2tp         l2tp device handling
      clone        Clone packet to other host via UDP
      report       set packet drop reporting
      suspend seconds put to sleep for n seconds
      resume       acpf wakeup call
      dfbit        global clearing of DF bit for vpn tunnels
      auth         authentication control ;user-addr mapping
      route        dstIP srcIP inDev
      audit        Audit log control
      p2p          P2P control
      ips          IPS control
      slot         slot info
      inbound      inbound info
      uport        uport info
      acceptor     acceptor info
      source       source info
      sizes        show struct size info
      shaping      traffic shaping
      forward      turn forwarding on/off
      forward6     turn ipv6 forwarding on/off
      landingpage  manage landing page rules
      rxqueue      manage rx queue number and filter for network cards with 82598 and 82599 chipset.
      urlcat       urlcat info and parameters
      flex         flex setup and information
      addrinfo     addrinfo cache
      blockpage
      sslice       sslice and AV scanning configuration
      version      ACPF Version

Options

start

Starts the acpf module and imports the Forwarding Firewall rules and access cache.

stop

Stops the acpf module. The firewall is stopped. Rules and the access cache are saved.

The acpf can only be stopped if its dependent services are also stopped. Before using the acpfctrl stop command, block the firewall services on the server and on the system by using the phionctrl module block firewall and phionctrl box block boxfw commands. For more information, see phionctrl.

parp show

Displays all proxy ARP entries for the firewall.

    [root@ash:/var/phion/logs]# acpfctrl parp show
    noext 10.0.10.208/4 MVPN

noping show

Displays all IP addresses that are set to noping.

bacl show

Displays all box access control list entries.

lproto show

Displays the locally handled IP protocols.

realm show

Displays the device realm assignment. The following realms are available:

  • 0 unknown
  • 1 intern
  • 2 dmz
  • 3 extern
  • 4 persvpn
  • 5 fwvpn
  • 6 iptun
  • 7 usr

device

Displays information about all devices for debugging.

Example 1:

    [root@HQ-NG1:~]# acpfctrl device show
    lo index=1 realm=opsys port=unknown base=00000000 irq=0 dma=0
      state=XOFF START
      mtu=3500 type=LOOPBACK mac=00:00:00:00:00:00 brd=00:00:00:00:00:00 num_mc=0
      flags=UP LOOPBACK
      features=SG/IO NO-CSUM HIGH-DMA FRAGLIST
      refcnt=21 watchtime=0 last_rx=1.9656e+06 secs last_tx=1.9656e+06 secs
      rx=0/0 tx=0/0 rx-err=0 tx-err=0 colls=0
    eth0 index=2 realm=intern port=unknown base=00000000 irq=0 dma=0
      state=XOFF START
      mtu=1500 type=ETHER mac=00:0c:29:22:84:70 brd=ff:ff:ff:ff:ff:ff num_mc=1
      flags=UP BROADCAST
      features=HW-CSUM HIGH-DMA HW-VLAN-TX HW-VLAN-RX HW-VLAN-FILTER
      refcnt=44 watchtime=5000 last_rx=1.9656e+06 secs last_tx=1.96809e+06 secs
      rx=1569875/1420438899 tx=656119/161707104 rx-err=0 tx-err=0 colls=0

sync

Prints the sync state of the system to the standard output.

    [root@HQ-NG1:~]# acpfctrl sync show
    Mode: OFF
    Cookie: cb014880
    SyncNumber: 1
    Server: VIRT1
    Partner: DOWN
    Source: 10.0.10.88:689
    Destination: 0.0.0.0:689
    KeyIndex: 0
    Key1: 00000000000000000000000000000000
    Key2: 00000000000000000000000000000000
    A Unsynced 0
    A Synced 0
    A Unsynced Close 0
    A Synced Close 0
    P Synced 0
    P Synced Close 0
    A SIP Unsynced 0
    A SIP Synced 0
    A SIP Unsynced Close 0
    A SIP Synced Close 0
    P SIP Synced 0
    P SIP Synced Close 0

plugdebug

Dumps debug messages of a specified plugin to the appliance firewall log.

  • acpfctrl plugdebug <plugin name> 1 – Enables the dumping of debug messages.
  • acpfctrl plugdebug <plugin name> 0 – Disables the dumping of debug messages.

The output for the plugdebug parameter is used by Barracuda Networks Technical Support.

param

Displays the parameter settings for the appliance.

version

Displays the acpf version.

    [root@chefix:~]# acpfctrl version
    PhionVersionString R-3.2_V-3.2.0.1 Nov 8 2005 18:53:18

tune kernel

Checks the Use Kernel Ruleset parameter in the operational settings of the general firewall configuration and displays the status.

  • acpfctrl tune kernel on – Temporarily enables the Use Kernel Ruleset function until reboot.
  • acpfctrl tune kernel off – Temporarily disables the Use Kernel Ruleset function until reboot.

tune vpnbypass

To properly use tcpdump to troubleshoot or monitor VPN traffic, all VPN traffic must be handled by one CPU. Only use this option temporarily because disabling vpnbypass considerably reduces the performance of the VPN service.

  • acpfctrl tune vpnbypass on – VPN traffic is handled by multiple CPUs (default).
  • acpfctrl tune vpnbypass off – VPN traffic is handled by a single CPU, allowing tcpdump to show all VPN traffic.
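
A wrapper for the temporary use described above, as an added example that is not part of the Barracuda documentation: it switches vpnbypass off, runs a capture command under a time limit, and switches vpnbypass back on however the command ends. The function name with_vpnbypass_off, the availability of the coreutils timeout utility on the box, and restoring to "on" (the default stated above) are assumptions.

```sh
#!/bin/sh
# Added example, not Barracuda code.
# Assumptions: "on" is the state to restore (listed as the default above);
# the coreutils `timeout` utility is installed.

with_vpnbypass_off() {
    # usage: with_vpnbypass_off <max_seconds> <command> [args...]
    # e.g.:  with_vpnbypass_off 60 tcpdump -n -i <interface> -w /tmp/vpn.pcap
    if [ "$#" -lt 2 ]; then
        echo "usage: with_vpnbypass_off <max_seconds> <command> [args...]" >&2
        return 2
    fi
    max_secs=$1
    shift
    case $max_secs in
        ''|*[!0-9]*)
            echo "max_seconds must be a whole number" >&2
            return 2
            ;;
    esac

    (
        # Restore multi-CPU VPN handling on every exit path of this subshell.
        trap 'acpfctrl tune vpnbypass on' EXIT
        # Turn Ctrl-C, kill and hangup into a normal exit so the EXIT trap runs.
        trap 'exit 130' INT TERM HUP

        # If the switch to single-CPU handling fails, do not start the capture.
        acpfctrl tune vpnbypass off || exit 1

        # Hard time limit so the reduced-performance state cannot be left
        # active by a forgotten capture. timeout returns 124 when it fires.
        rc=0
        timeout "$max_secs" "$@" || rc=$?
        exit "$rc"
    )
}
```

The function returns the exit status of the wrapped command, or 124 when the time limit ended it.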