IPFIREwall


/proc interface

When the IPFIRE modules are started, they create a proc entry named policy in the IPFIRE subdirectory of the proc root directory. To find out which policy is applied to packets that do not match any rule in the ruleset, read the default behaviour with the command:

cat /proc/IPFIRE/policy

The output shows the policy currently being applied.

Changing default IPFIRE policy

Changing the behaviour of the packet filter for packets not matching any rule is as simple as writing accept or denial to the proc entry.

echo "accept" > /proc/IPFIRE/policy
will set the default policy to accept: packets not matching a rule will be accepted by the filter.

echo "denial" > /proc/IPFIRE/policy
will set the default policy to denial: packets not matching a rule will be dropped by the filter.

The following pictures show an example of reading from and writing to the proc interface, together with the related syslog messages.

As you can see, after the IPFIRE module is removed, the proc entry is removed as well and is no longer available.
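The read and write steps above can be combined into a check that the filter drops unmatched packets by default. The script below is an added example, not part of IPFIRE; the function names are hypothetical, and it assumes that reading the entry returns text containing the word accept or denial.

```shell
#!/bin/sh
# Added example: audit and enforce a default-deny policy via the IPFIRE proc entry.
# Assumption: reading the entry yields text containing "accept" or "denial".

POLICY_FILE="${POLICY_FILE:-/proc/IPFIRE/policy}"

# Print one of: denial, accept, unloaded, unknown.
ipfire_policy_state() {
    file="${1:-$POLICY_FILE}"
    # The entry exists only while the IPFIRE module is loaded.
    if [ ! -r "$file" ]; then
        echo "unloaded"
        return 0
    fi
    content=$(tr 'A-Z' 'a-z' < "$file")
    case "$content" in
        *accept*denial*|*denial*accept*) echo "unknown" ;;  # ambiguous output
        *denial*) echo "denial" ;;
        *accept*) echo "accept" ;;
        *) echo "unknown" ;;
    esac
}

# Set the default policy to denial if it is not already, then read it back.
# Returns 0 only when the read-back confirms denial, 2 when the entry is missing.
ipfire_enforce_denial() {
    file="${1:-$POLICY_FILE}"
    state=$(ipfire_policy_state "$file")
    case "$state" in
        denial) return 0 ;;
        unloaded)
            echo "IPFIRE proc entry missing: module not loaded" >&2
            return 2 ;;
    esac
    echo "denial" > "$file" || return 1
    # Do not trust the write alone; confirm what the filter reports.
    [ "$(ipfire_policy_state "$file")" = "denial" ]
}
```

Calling ipfire_enforce_denial with no argument acts on /proc/IPFIRE/policy; a return value of 2 means the module is not loaded, so no IPFIRE policy is in effect at all.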
