Homepage di Giacomo.

/proc interface

IPFIRE modules create, when started, a proc entry named policy and located in subdirectory IPFIRE of proc root directory. To be informed on which policy is applied to packets which do not match with any rule in ruleset, you can read the default behaviour giving the command:

cat /proc/IPFIRE/policy .

You will be able to read policy being applied.

Changing default IPFIRE policy

Changing the behaviour of the packet filter for packets not matching any rule is as simple as writing accept or denial to proc entry.

echo "accept" > /proc/IPFIRE/policy
will set default policy to accept: packets not matching a rule will be accepted by filter.

echo "denial" > /proc/IPFIRE/policy
will set default policy to denial: packets not matching a rule will be dropped by filter.

Following pictures show an example of reading/writing to proc interface and syslog related messages.

As you can see, after removing IPFIRE module, proc entry is removed and is no more available.

Valid XHTML 1.0!

Top of page
Back to index
Next page (building user interface)
Previous page (kernel module loading and unloading)