Diffstat (limited to 'doc/eclat-sg.1')
-rw-r--r-- | doc/eclat-sg.1 | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/doc/eclat-sg.1 b/doc/eclat-sg.1 new file mode 100644 index 0000000..f9f62d6 --- /dev/null +++ b/doc/eclat-sg.1 
@@ -0,0 +1,154 @@ +.\" This file is part of Eclat -*- nroff -*- +.\" Copyright (C) 2012, 2013 Sergey Poznyakoff +.\" +.\" Eclat is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation; either version 3, or (at your option) +.\" any later version. +.\" +.\" Eclat is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with Eclat. If not, see <http://www.gnu.org/licenses/>. +.TH SG 1 "December 17, 2013" "ECLAT" "Eclat User Reference" +.SH NAME +eclat sg \- manipulate security groups +.SH SYNOPSIS +\fBeclat sg\fR \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR] [\fB\-G\fR \fINAME\fR] [\fB\-P\fR \fIPORT\fR[\fB\-\fIPORT\fR]] + [\fB\-g\fR \fIID\fR] [\fB\-p\fR \fIPROTO\fR] [\fB\-s\fR \fICIDR\fR] [\fB\-u\fR \fIUSER\fR] [\fB\-\-group\-id\fR=\fIID\fR] + [\fB\-\-group\-name\fR=\fINAME\fR] [\fB\-\-name\fR] [\fB\-\-next\fR, \fB\-\-new\fR] + [\fB\-\-port\fR=\fIPORT\fR[\fB\-\fIPORT\fR]] [\fB\-\-protocol\fr=\fIPROTO\fR] [\fB\-\-source\fR=\fICIDR\fR] + [\fB\-\-user\fR=\fIUSER\fR] \fIGROUP\fR +.br +\fBeclat sg\fR \fB\-\-list\fR|\fB\-L\fR [\fB\-n\fR] [\fB\-\-name\fR] [\fIGROUP\fR] +.br +\fBeclat sg\fR \fB\-h\fR +.br +\fBeclat sg\fR \fB\-\-help\fR +.br +\fBeclat sg\fR \fB\-\-usage\fR +.SH DESCRIPTION +The \fBsg\fR command is used to list and configure \fBEC2\fR security +groups. When used with the \fB\-\-list\fR (\fB\-L\fR) argument, it +displays the information about the given group, or all groups in the +account, if the \fIGROUP\fR argument is not provided. The argument is +either the group ID, or group name. In the latter case, the +\fB\-\-name\fR (\fB\-n\fR) option should be given. 
+.PP +When used with \fB\-\-add\fR (\fB\-A\fR) option, the command adds the +rules to the security groups. The rules are described using the command +line options. For example: +.PP +.EX +.B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 sg-01234567 +.EE +.PP +This command adds to the security group \fBsg\-01234567\fR a rule +allowing access to port \fB22\fR from IP addresses in the range +\fB192.0.2.0\fR \- \fB192.0.2.255\fR. +.PP +If \fB\-\-proto icmp\fR is used the \fB\-\-port\fR option can be +omitted. +.PP +Several rules can be added in one invocation. The \fB\-\-next\fR +(\fB\-\-new\fR) option is used to separate them. E.g.: +.PP +.EX +.B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 --next \\\\ +.B --proto icmp --source 192.0.2.0/24 sg-01234567 +.EE +.PP +The \fB\-\-delete\fR (\fB\-D\fR) option deletes existing rules, which +are defined using the same syntax as described above. +.SH OPTIONS +.SS Commands +These options define the operation to be performed over the security +group. A valid invocation of the \fBsg\fR subcommand must contain +exactly one of these: +.TP +.BR \-A , \-\-add +Add rules. +.TP +.BR \-D , \-\-delete +Delete rules. +.TP +.BR \-L , \-\-list +List rules. +.SS Rule constituents +The options below are used to define the rules. Unless \fB\-\-list\fR +is requsted, at least one rule must be defined. +.PP +A rule defines a set of IPv4 addresses and a port range that these are +allowed to access. The IP addresses can be specfied either in +dotted-quad notation or as host names and can optionally be followed +by a \fB/\fR and the network mask length or the network mask. For +example: \fB192.0.2.0/24\fR or \fB192.0.2.0/255.255.255.0\fR. Missing +netmask part implies the network mask length of \fB32\fR. +.PP +Another way of defining IP addresses is by supplying the name or ID of +another \fBEC2\fR security group. +.TP +\fB\-G\fR, \fB\-\-group\-name=\fINAME\fR +Sets source group name. 
+.TP +\fB\-P\fR, \fB\-\-port\fR=\fIPORT\fR[\fB-\fIPORT\fR] +Destination port number or range. Each \fIPORT\fR can be either a +port number in decimal or a service name from +.BR services (5). +.TP +\fB\-g\fR, \fB\-\-group\-id=\fIID\fR +Sets source group ID. +.TP +\fB\-p\fR, \fB\-\-protocol=\fIPROTO\fR +Protocol name or number. +.TP +\fB\-s\fR, \fB\-\-source=\fICIDR\fR +Source CIDR. The argument is an IPv4 address or host name, optionally +followed by a \fB/\fR and the network mask length in decimal or the +network mask in dotted-quad notation. +.TP +\fB\-u\fR, \fB\-\-user=\fIUSER\fR +User name for the subsequent \fB\-\-group\-name\fR or +\fB\-\-group\-id\fR option. +.SS Other options +.TP +.BR \-n , \-\-name +The \fIGROUP\fR argument is a group name. Without this option it is +treated as the group name. +.TP +.BR \-N , \-\-next , \-\-new +Begins next rule. +.SS Informational options +.TP +.BR \-h , \-\-help +Give a terse help summary. +.TP +.BR \-\-usage +List command line syntax and available options. +.SH "SEE ALSO" +.BR eclat (1), +.BR eclat\-lssg (1). +.SH AUTHORS +Sergey Poznyakoff +.SH "BUG REPORTS" +Report bugs to <bug\-eclat@gnu.org.ua>. +.SH COPYRIGHT +Copyright \(co 2012, 2013 Sergey Poznyakoff +.br +.na +License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> +.br +.ad +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. +.\" Local variables: +.\" eval: (add-hook 'write-file-hooks 'time-stamp) +.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \"" +.\" time-stamp-format: "%:B %:d, %:y" +.\" time-stamp-end: "\"" +.\" time-stamp-line-limit: 20 +.\" end: + |
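Review bot: The `-n, --name` entry under "Other options" contradicts itself: it says the GROUP argument is a group name with the option, and that "Without this option it is treated as the group name". The DESCRIPTION says the argument is either the group ID or the group name, with `--name` needed for the latter, so the second sentence should read "treated as the group ID". Smaller points in the same hunk: the SYNOPSIS has `\fB\-\-protocol\fr=` with a lowercase `\fr` where `\fR` is meant; "requsted" and "specfied" in "Rule constituents" are misspelled; and both examples use `--proto` while OPTIONS documents only `--protocol`, so either spell the option out in the examples or say that abbreviated long options are accepted. Since `--source` accepts host names, the text should also say whether the name is resolved once when the rule is added, because a reader opening port 22 to a host name needs to know which addresses actually end up in the group.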