.\" Automatically generated by Pandoc 3.6.4
.\"
.TH "FOOMUURI" "8" "Dec 12, 2025" "Foomuuri 0.30" "User Manual"
.SH NAME
foomuuri \- multizone bidirectional nftables firewall
.SH SYNOPSIS
\f[B]foomuuri\f[R] [\f[I]OPTION\f[R]] [\f[I]COMMAND\f[R]]
.SH DESCRIPTION
\f[B]Foomuuri\f[R] is a firewall generator for nftables based on the
concept of zones.
It is suitable for all systems from personal machines to corporate
firewalls, and supports advanced features such as a rich rule language,
IPv4/IPv6 rule splitting, dynamic DNS lookups, a D\-Bus API and
FirewallD emulation for NetworkManager\[cq]s zone support.
.SH OPTIONS
.TP
\f[CR]\-\-help\f[R]
display this help and exit
.TP
\f[CR]\-\-version\f[R]
output version information and exit
.TP
\f[CR]\-\-verbose\f[R]
verbose output
.TP
\f[CR]\-\-quiet\f[R]
be quiet
.TP
\f[CR]\-\-force\f[R]
force some operations, don\[cq]t check anything
.TP
\f[CR]\-\-soft\f[R]
don\[cq]t force operations, check more
.TP
\f[CR]\-\-fork\f[R]
fork as a background daemon process
.TP
\f[CR]\-\-syslog\f[R]
enable syslog logging
.TP
\f[CR]\-\-set=option=value\f[R]
set config option to value
.SH COMMANDS
.TP
\f[B]start\f[R]
load configuration files, generate a new ruleset and load it into the kernel
.TP
\f[B]stop\f[R]
remove ruleset from kernel
.TP
\f[B]reload\f[R]
same as \f[B]start\f[R], followed by iplist refresh
.TP
\f[B]try\-reload\f[R]
same as \f[B]reload\f[R], but ask for confirmation to keep the new
config and revert to the old config if there is no reply
.TP
\f[B]status\f[R]
show current status: running, zone\-interface mapping
.TP
\f[B]check\f[R]
load configuration files and verify syntax
.TP
\f[B]block\f[R]
load \[lq]block all traffic\[rq] ruleset
.TP
\f[B]list\f[R]
list the active ruleset currently loaded into the kernel
.TP
\f[B]list zone\-zone {zone\-zone\&...}\f[R]
list the active ruleset for \f[B]zone\-zone\f[R] currently loaded into the kernel
.TP
\f[B]list macro\f[R]
list all known macros
.TP
\f[B]list macro name {name\&...}\f[R]
list all macros with specified name or value
.TP
\f[B]list counter\f[R]
list all named counters
.TP
\f[B]list counter name {name\&...}\f[R]
list named counter with specified name
.TP
\f[B]iplist list\f[R]
list entries in all configured iplists
.TP
\f[B]iplist list name {name\&...}\f[R]
list entries in named iplist
.TP
\f[B]iplist add name {timeout} ipaddress {ipaddress\&...}\f[R]
add or refresh IP address in iplist
.TP
\f[B]iplist del name ipaddress {ipaddress\&...}\f[R]
delete IP address from iplist
.TP
\f[B]iplist flush name {name\&...}\f[R]
delete all IP addresses from iplist
.TP
\f[B]iplist refresh name {name\&...}\f[R]
refresh iplist \[at]name entries now
.TP
\f[B]set interface {interface} zone {zone}\f[R]
change interface to zone
.TP
\f[B]set interface {interface} zone \-\f[R]
remove interface from all zones
.SH FILES
\f[B]Foomuuri\f[R] reads configuration files from
\f[I]/etc/foomuuri/*.conf\f[R].
See \c
.UR https://github.com/FoobarOy/foomuuri/wiki/Host-Firewall
.UE \c
\ for example configuration.
.SH AUTHORS
Kim B. Heino, b\[at]bbbs.net, Foobar Oy
.SH BUG REPORTS
Submit bug reports \c
.UR https://github.com/FoobarOy/foomuuri/issues
.UE \c
.SH SEE ALSO
Full documentation \c
.UR https://github.com/FoobarOy/foomuuri/wiki
.UE \c