Network Interfaces
PacketShield processes all incoming and outgoing packets passing through physical interfaces using the associated instance configuration and session table.
Bear in mind the following statements about physical instances in PacketShield:
There is no limitation on the number of physical interfaces attached to an instance
PacketShield supports hot attach / detach operations on interfaces, regardless their status DOWN or UP
An interface is not detached from the instance if its state switches to DOWN
An interface is automatically detached from the instance if its driver module is unloaded
All attached interfaces are automatically detached when the instance is destroyed
Use sysfs entry
You manage an instance's physical interfaces using the sysfs entry /sys/packetshield/<instance name>/ifaces
.
Attach a physical interface
sysfs
Write the interface device name, prefixed by the char +
in the sysfs entry.
Attach interface eth1 and eth2 to instance myinst:
$ echo "+eth1"> /sys/packetshield/myinst/ifaces
$ echo "+eth2"> /sys/packetshield/myinst/ifaces
GUI
Use the statement <instance name>/ifaces
followed by the <device name>
.
Attach interface eth1 and eth2 to instance myinst:
myinst/ifaces eth1
myinst/ifaces eth2
Detach a physical interface
sysfs
Write the interface device name, prefixed by the char - in the sysfs entry.
Detach interface eth2 from instance myinst:
$ echo "-eth2"> /sys/packetshield/myinst/ifaces
GUI
Remove the statement line <instance name>/ifaces <device name>
matching the device name to be removed.
List physical interfaces
This function is only available using CLI.
To display the physical interfaces attached to an instance, you read the contents of the sysfs entry /sys/packetshield/<instance>/ifaces
.
$ cat /sys/packetshield/myinst/ifaces
eth0
eth6
eth5
Next up
Protected Ports