PacketShield

Network Interfaces

PacketShield processes all incoming and outgoing packets passing through physical interfaces using the associated instance configuration and session table.

Info

A physical interface can be attached to a single PacketShield instance at a time.

Keep in mind the following statements about physical instances in PacketShield:

  • There is no limitation on the number of physical interfaces attached to an instance

  • PacketShield supports hot attach / detach operations on interfaces, regardless their status DOWN or UP

  • An interface is not detached from the instance if its state switches to DOWN

  • An interface is automatically detached from the instance if its driver module is unloaded

  • All attached interfaces are automatically detached when the instance is destroyed

Info

After making changes using the GUI, make the changes persist after a reboot by going to the Setup tab and clicking Save within the Configuration section. After making changes using the CLI, execute config save to persist the changes.

Use sysfs entry Jump to heading

You manage an instance's physical interfaces using the sysfs entry /sys/packetshield/<instance name>/ifaces.

Attach a physical interface Jump to heading

sysfs Jump to heading

Write the interface device name, prefixed by the plus sign character (+) in the sysfs entry.

Attach interface eth1 and eth2 to instance myinst:

nix
echo "+eth1"> /sys/packetshield/myinst/ifaces
echo "+eth2"> /sys/packetshield/myinst/ifaces
nix
echo "+eth1"> /sys/packetshield/myinst/ifaces
echo "+eth2"> /sys/packetshield/myinst/ifaces

GUI Jump to heading

Use the statement <instance name>/ifaces followed by the <device name>.

Attach interface eth1 and eth2 to instance myinst:

nix
myinst/ifaces eth1
myinst/ifaces eth2
nix
myinst/ifaces eth1
myinst/ifaces eth2

Detach a physical interface Jump to heading

sysfs Jump to heading

Write the interface device name, prefixed by the minus sign character (-) in the sysfs entry.

Detach interface eth2 from instance myinst:

nix
echo "-eth2"> /sys/packetshield/myinst/ifaces
nix
echo "-eth2"> /sys/packetshield/myinst/ifaces

GUI Jump to heading

Remove the statement line <instance name>/ifaces <device name> matching the device name to be removed.

List physical interfaces Jump to heading

This function is only available using CLI.

To display the physical interfaces attached to an instance, you read the contents of the sysfs entry /sys/packetshield/<instance>/ifaces.

nix
cat /sys/packetshield/myinst/ifaces
nix
cat /sys/packetshield/myinst/ifaces
output
text
eth0
eth6
eth5
output
text
eth0
eth6
eth5

Do you have any suggestions on how we can improve the content of this page?