Skip to content
Tom Barbette edited this page Oct 3, 2018 · 2 revisions

KernelFilter Element Documentation

NAME

KernelFilter — Click element; block kernel from handling packets

SYNOPSIS

KernelFilter(FILTERSPEC, ...)

Ports: none
Drivers: userlevel

DESCRIPTION

The KernelFilter element installs filter rules in the kernel to stop the kernel from handling certain types of packets. Use this in combination with FromDevice.u to handle packets in user-level Click configurations.

KernelFilter uses iptables(1) to install filters; if your system does not support iptables(1), KernelFilter will fail. Normally KernelFilter uses either /sbin/iptables or /usr/sbin/iptables. To override this use the IPTABLES_COMMAND keyword argument.

KernelFilter uninstalls its firewall rules when Click shuts down. If Click shuts down uncleanly, for instance because of a segmentation fault or 'kill -9', then the rules will remain in place, and you'll have to remove them yourself.

Currently only one form of FILTERSPEC is understood.

  • 'drop dev DEVNAME' — The kernel is blocked from handling any packets arriving on device DEVNAME. However, these packets will still be visible to tcpdump(1), and to Click elements like FromDevice.u.

SEE ALSO

FromDevice.u, ToDevice.u, KernelTap, ifconfig

Generated by click-elem2man from ../elements/userlevel/kernelfilter.hh:7 on 2018/10/03.

Clone this wiki locally