PacketShield
Network Interfaces
PacketShield processes all incoming and outgoing packets passing through physical interfaces using the associated instance configuration and session table.
Info
A physical interface can be attached to a single PacketShield instance at a time.
Keep in mind the following statements about physical instances in PacketShield:
-
There is no limitation on the number of physical interfaces attached to an instance
-
PacketShield supports hot attach / detach operations on interfaces, regardless their status DOWN or UP
-
An interface is not detached from the instance if its state switches to DOWN
-
An interface is automatically detached from the instance if its driver module is unloaded
-
All attached interfaces are automatically detached when the instance is destroyed
Info
After making changes using the GUI, make the changes persist after a reboot by going to the Setup tab and clicking Save within the Configuration section. After making changes using the CLI, execute config save
to persist the changes.
Use sysfs entry Jump to heading
You manage an instance's physical interfaces using the sysfs entry /sys/packetshield/<instance name>/ifaces
.
Attach a physical interface Jump to heading
sysfs Jump to heading
Write the interface device name, prefixed by the plus sign character (+
) in the sysfs entry.
Attach interface eth1 and eth2 to instance myinst:
nix
echo "+eth1"> /sys/packetshield/myinst/ifacesecho "+eth2"> /sys/packetshield/myinst/ifaces
nix
echo "+eth1"> /sys/packetshield/myinst/ifacesecho "+eth2"> /sys/packetshield/myinst/ifaces
GUI Jump to heading
Use the statement <instance name>/ifaces
followed by the <device name>
.
Attach interface eth1 and eth2 to instance myinst:
nix
myinst/ifaces eth1myinst/ifaces eth2
nix
myinst/ifaces eth1myinst/ifaces eth2
Detach a physical interface Jump to heading
sysfs Jump to heading
Write the interface device name, prefixed by the minus sign character (-
) in the sysfs entry.
Detach interface eth2 from instance myinst:
nix
echo "-eth2"> /sys/packetshield/myinst/ifaces
nix
echo "-eth2"> /sys/packetshield/myinst/ifaces
GUI Jump to heading
Remove the statement line <instance name>/ifaces <device name>
matching the device name to be removed.
List physical interfaces Jump to heading
This function is only available using CLI.
To display the physical interfaces attached to an instance, you read the contents of the sysfs entry /sys/packetshield/<instance>/ifaces
.
nix
cat /sys/packetshield/myinst/ifaces
nix
cat /sys/packetshield/myinst/ifaces
outputtext
eth0eth6eth5
outputtext
eth0eth6eth5
Do you have any suggestions on how we can improve the content of this page?