Sorry for the delay, kipper3d, I just responded to your ticket about this issue. I’m posting the same response here for those who are interested:
The interface to apf.pex isn’t very friendly, so you might be better off just writing your own bash script to modify /etc/apf/conf.apf. For example, you can’t simply open or close a port with one parameter to ~iworx/bin/apf.pex. You have to list all the ports you want open, each time:
~iworx/bin/apf.pex --set-inbound-tcp=21,22,25,80,110,143,443,993,995,2080,2443,3306,2200_2400,5000_5500,20 \
--set-outbound-tcp=22,25,80,443,2080,2443,3306,2200_2400,5000_5500,20 \
--set-inbound-udp=20,21,53,123,2200_2400,5000_5500 \
--set-outbound-udp=20,21,53,123,2200_2400,5000_5500
If you wanted to completely close the port range 5000-5500 (which was open on both TCP in and out and UDP in and out), you would have to do:
~iworx/bin/apf.pex --set-inbound-tcp=21,22,25,80,110,143,443,993,995,2080,2443,3306,2200_2400,20 \
--set-outbound-tcp=22,25,80,443,2080,2443,3306,2200_2400,20 \
--set-inbound-udp=20,21,53,123,2200_2400 \
--set-outbound-udp=20,21,53,123,2200_2400
Similarly, I don’t suggest using ~iworx/bin/shell.pex to manipulate shell users. But, if you were still set on using the shell.pex command, you would do:
~iworx/bin/shell.pex --change-shell username=/bin/newshell
There are a few scripts in ~iworx/bin/ that do InterWorx-specific operations (like listaccounts.pex and varpermsfix.pex), but for the most part the scripts in ~iworx/bin/ are wrapper scripts to get us access to system commands as the iworx user (for security reasons). In most cases, it’s best to write a bash script and use the system commands directly.
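
As an added example (not part of the original post and not InterWorx code), here is one way to write the kind of script the reply suggests: it drops a single port or range from the four port lists in an APF config instead of restating every list. It assumes the stock APF variable names IG_TCP_CPORTS, EG_TCP_CPORTS, IG_UDP_CPORTS and EG_UDP_CPORTS, and it runs against a constructed sample file rather than the live /etc/apf/conf.apf; the function names are hypothetical.

```bash
# Added example: drop one port or range (e.g. 5000_5500) from APF's port lists.
# Assumption: stock APF variable names IG_/EG_ + TCP_/UDP_ + CPORTS in conf.apf.

# remove_port LIST ENTRY: print LIST without ENTRY. Items are compared whole,
# so removing 20 never touches 2080 or 2200_2400.
remove_port() {
    _out=""; _old_ifs=$IFS; IFS=,
    for _item in $1; do
        [ "$_item" = "$2" ] || _out="${_out:+$_out,}$_item"
    done
    IFS=$_old_ifs
    printf '%s\n' "$_out"
}

# close_port_in_conf FILE ENTRY: rewrite the four *_CPORTS lines in FILE,
# keeping FILE.bak. Lines in any other form are left untouched.
close_port_in_conf() {
    case $2 in
        ''|*[!0-9_]*) echo "invalid port entry: $2" >&2; return 1 ;;
    esac
    _tmp=$(mktemp) || return 1
    cp -p "$1" "$1.bak" || return 1
    while IFS= read -r _line || [ -n "$_line" ]; do
        case $_line in
            [IE]G_TCP_CPORTS=\"*\"|[IE]G_UDP_CPORTS=\"*\")
                _val=${_line#*=\"}
                _line="${_line%%=*}=\"$(remove_port "${_val%\"}" "$2")\"" ;;
        esac
        printf '%s\n' "$_line"
    done < "$1" > "$_tmp"
    cat "$_tmp" > "$1" && rm -f "$_tmp"   # cat keeps FILE's owner and mode
}

# Constructed sample using the port lists from the post; not a real conf.apf.
write_sample_conf() {
    cat > "$1" <<'EOF'
IG_TCP_CPORTS="21,22,25,80,110,143,443,993,995,2080,2443,3306,2200_2400,5000_5500,20"
IG_UDP_CPORTS="20,21,53,123,2200_2400,5000_5500"
EG_TCP_CPORTS="22,25,80,443,2080,2443,3306,2200_2400,5000_5500,20"
EG_UDP_CPORTS="20,21,53,123,2200_2400,5000_5500"
EOF
}

# Demo on a temporary copy; point close_port_in_conf at the real file only
# after checking the result, then restart APF so the new lists take effect.
conf=$(mktemp) && write_sample_conf "$conf"
close_port_in_conf "$conf" 5000_5500 && cat "$conf"
rm -f "$conf" "$conf.bak"
```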