Configure

From securityrouter.org, an OpenBSD-based firewall
Revision as of 20:59, 17 November 2011 by Erik (talk | contribs) (Created page with "This page describes how to interact with the configuration using the <tt>configure</tt> command. Configure may be invoked from the CLI interface, or from the system shell, it...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This page describes how to interact with the configuration using the configure command. Configure may be invoked from the CLI interface, or from the system shell, its privilege level is inherit from the invoking user. Once started configure present you with an interactive prompt.

admin@fw1.halon.se> configure
[]
admin@fw1.halon.se# 

The latest configuration revision is checked out before prompting for commands. If the configuration is changed by another user or instance you may update configures working copy with the checkout command.

Working with the configuration

The configuration has a hierarchical format, with one statement per line, and child/parent relationships indicated by curly brackets and tabs. Show the local copy of the configuration with the show command.

system {
        authentication {
                user "admin" {
                        password "...
                }
        }
}

This concept reflected as if each scope system { authentication { user "admin { were folders in a file system hierarchy, and password were a file. This concept of files and folders has the same benefits in the configure command as in your operating system shell. It allows for shorter relative path when you invoke commands.

Paths and commands may be auto-completed with the TAB interface.

Action Syntax Example
Enter a configuration scope cd [path] cd system {
Leave a configuration scope cd [path] cd .. {
Show a configuration scope show [path] show system { authentication {

Example

admin@fw1.halon.se# cd system { 
[system]
admin@fw1.halon.se# cd authentication { 
[system { authentication]
admin@fw1.halon.se# show
authentication {
        user "admin" {
                password "$2a$06$vCj.oFZNS8MZjeu/J/fJ0O/OgURa7lVGN/2kUxijN8BmPrRfMyRq2" # SALTED-HASH
        }
}
[system { authentication]
admin@fw1.halon.se# cd ..
[system]
admin@fw1.halon.se#

The following commands may be used to modify the configuration.

Action Syntax Example Comment
Set set [path] [attr] set interface em0 { dhcp-server { Add a dhcp-server scope on em0
Delete delete [path] [attr] delete interface em0 { dhcp-server { Delete the dhcp-scope
Move rename [path] to [path] rename interface em0 { dhcp-server { to interface em1 { Moves the dhcp-server from em0 to em1
Rename rename [path] to [path] rename interface bridge0 { to interface bridge1 { Rename brige0 to bridge1
Copy copy [path] to [path] copy interface em1 { dhcp-server { to interface em2 { dhcp-server { Copy the dhcp-server from em1 to em2