-
Notifications
You must be signed in to change notification settings - Fork 81
KernelFilter
KernelFilter — Click element; block kernel from handling packets
KernelFilter(FILTERSPEC, ...)
Ports: none
Drivers: userlevel
The KernelFilter element installs filter rules in the kernel to stop the kernel from handling certain types of packets. Use this in combination with FromDevice.u to handle packets in user-level Click configurations.
KernelFilter uses iptables(1) to install filters; if your system does not support iptables(1), KernelFilter will fail. Normally KernelFilter uses either /sbin/iptables or /usr/sbin/iptables. To override this use the IPTABLES_COMMAND keyword argument.
KernelFilter uninstalls its firewall rules when Click shuts down. If Click shuts down uncleanly, for instance because of a segmentation fault or 'kill -9', then the rules will remain in place, and you'll have to remove them yourself.
Currently only one form of FILTERSPEC is understood.
- '
drop dev DEVNAME
' — The kernel is blocked from handling any packets arriving on device DEVNAME. However, these packets will still be visible to tcpdump(1), and to Click elements like FromDevice.u.
FromDevice.u, ToDevice.u, KernelTap, ifconfig
Generated by click-elem2man from ../elements/userlevel/kernelfilter.hh:7
on 2018/10/03.