This is automatically generated documentation. Edit after the "COMMENTS" heading; changes to the main body will be lost.

KernelFilter Element Documentation


KernelFilter -- Click element; block kernel from handling packets


KernelFilter(FILTERSPEC, ...)

Ports: none
Drivers: userlevel
Package: userlevel (core)


The KernelFilter element installs filter rules in the kernel to stop the kernel from handling certain types of packets. Use this in combination with FromDevice.u to handle packets in user-level Click configurations. KernelFilter uses iptables(1) to install filters; if your system does not support iptables(1), KernelFilter will fail. Normally KernelFilter uses either /sbin/iptables or /usr/sbin/iptables. To override this use the IPTABLES_COMMAND keyword argument. KernelFilter uninstalls its firewall rules when Click shuts down. If Click shuts down uncleanly, for instance because of a segmentation fault or 'kill -9', then the rules will remain in place, and you'll have to remove them yourself. Currently only one form of FILTERSPEC is understood.

'drop dev DEVNAME'
The kernel is blocked from handling any packets arriving on device DEVNAME. However, these packets will still be visible to tcpdump(1), and to Click elements like FromDevice.u.


FromDevice.u, ToDevice.u, KernelTap, ifconfig

Generated by 'click-elem2man' from '../elements/userlevel/kernelfilter.hh:7' on 12/Jul/2011.


elements/kernelfilter.txt · Last modified: 2011/07/12 11:29 (external edit)
Recent changes RSS feed Driven by DokuWiki