PacketShield processes all incoming and outgoing packets passing through physical interfaces using the associated instance configuration and session table.

Note

A physical interface can be attached to a single PacketShield instance at a time.

Keep the following points about physical interfaces in PacketShield in mind:

  • There is no limitation on the number of physical interfaces attached to an instance

  • PacketShield supports hot attach / detach operations on interfaces, regardless of their status (DOWN or UP)

  • An interface is not detached from the instance if its state switches to DOWN

  • An interface is automatically detached from the instance if its driver module is unloaded

  • All attached interfaces are automatically detached when the instance is destroyed

Use sysfs entry

You manage an instance's physical interfaces using the sysfs entry /sys/packetshield/<instance name>/ifaces.

Attach a physical interface

sysfs

Write the interface device name, prefixed by the + character, to the sysfs entry.

Attach interfaces eth1 and eth2 to instance myinst:

echo "+eth1" > /sys/packetshield/myinst/ifaces
echo "+eth2" > /sys/packetshield/myinst/ifaces

GUI

Use the statement <instance name>/ifaces followed by the <device name>.

Attach interfaces eth1 and eth2 to instance myinst:

myinst/ifaces eth1
myinst/ifaces eth2

Detach a physical interface

sysfs

Write the interface device name, prefixed by the - character, to the sysfs entry.

Detach interface eth2 from instance myinst:

echo "-eth2" > /sys/packetshield/myinst/ifaces

GUI

Remove the statement line <instance name>/ifaces <device name> matching the device name to be removed.

List physical interfaces

This function is only available using the CLI.

To display the physical interfaces attached to an instance, read the contents of the sysfs entry /sys/packetshield/<instance>/ifaces.

cat /sys/packetshield/myinst/ifaces
eth0
eth6
eth5
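
Because an interface is detached automatically when its driver module is unloaded, it is worth comparing the attached list against the list you expect. The script below is an added example, not part of the PacketShield documentation: the function names and the PS_SYSFS_ROOT override (used only to test against a constructed directory) are assumptions, and it assumes the ifaces entry lists one device name per line as shown above.

```shell
#!/bin/sh
# Added example: audit the interfaces attached to a PacketShield instance.
# PS_SYSFS_ROOT is a hypothetical override for offline testing; by default
# the sysfs path documented on this page is used.
PS_SYSFS_ROOT="${PS_SYSFS_ROOT:-/sys/packetshield}"

# Print expected interfaces that are NOT attached, one per line.
# Usage: ps_missing_ifaces <instance> <iface>...
ps_missing_ifaces() {
    inst="$1"; shift
    entry="$PS_SYSFS_ROOT/$inst/ifaces"
    [ -r "$entry" ] || { echo "cannot read $entry" >&2; return 2; }
    attached=$(cat "$entry")
    for want in "$@"; do
        # -x -F: whole-line literal match, so eth1 never matches eth10
        printf '%s\n' "$attached" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Print attached interfaces that are NOT in the expected list.
# Usage: ps_unexpected_ifaces <instance> <iface>...
ps_unexpected_ifaces() {
    inst="$1"; shift
    entry="$PS_SYSFS_ROOT/$inst/ifaces"
    [ -r "$entry" ] || { echo "cannot read $entry" >&2; return 2; }
    while IFS= read -r have || [ -n "$have" ]; do
        [ -n "$have" ] || continue
        found=0
        for want in "$@"; do
            if [ "$have" = "$want" ]; then found=1; fi
        done
        [ "$found" -eq 1 ] || printf '%s\n' "$have"
    done < "$entry"
}

# When run as a script: audit.sh <instance> <expected iface>...
# Exits 0 when the attached set equals the expected set, 1 on drift.
if [ "$#" -ge 2 ]; then
    missing=$(ps_missing_ifaces "$@") || exit 2
    extra=$(ps_unexpected_ifaces "$@") || exit 2
    [ -z "$missing" ] || printf 'NOT ATTACHED: %s\n' $missing
    [ -z "$extra" ] || printf 'UNEXPECTED: %s\n' $extra
    if [ -n "$missing$extra" ]; then exit 1; fi
fi
```

An interface reported as NOT ATTACHED can be attached again by writing its name with the + prefix to the ifaces entry, as described above.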