Re: process id with firewall and tc

Linux Advanced Routing and Traffic Control


Routing, firewalling and shaping run in the kernel and have no pid. Instead you can 
get/set /proc flags, and check for the presence of certain data structures.

/proc/sys/net/ipv4/ip_forward is the routing master switch. If 0, the machine 
forwards nothing. You can both set and get the value, should be relatively 
easy from a web page. Beware that setting it to 1 may reset other /proc keys 
to default values.

For iptables firewalling you probably need to check if your rules are loaded 
or not, a script parsing 'iptables -nL' output could do it. Or you could use 
a condition match "enabled" in the beginning of each table, and drop all 
traffic if the condition is false. The /proc/net/ipt_condition/enabled value 
can then be read and set as a master switch from the web page.

Shaping has no /proc files, and no way to create a master switch, so you need 
a script that parses 'tc qdisc show dev eth0' or 'tc class show dev eth0' 
output.


Regards,
Simon


On Saturday 16 September 2006 15:38, William Bohannan wrote:
> Not sure this is the correct place to post this but I am looking to have
> status of the firewall and traffic control (active, disabled, stopped etc)
> on a webpage controlled via something like pid as the machine has many
> things running on it, like firewall, traffic control, data collection for
> graphing the traffic flows, as well as other services like squid etc.  Any
> ideas would be most helpful.
>
>
>
> Kind Regards
>
>
>
> William
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
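
The three checks described in the reply above, as an added read-only example that is not part of the original message. The function names and the list of qdisc kinds treated as kernel defaults are assumptions, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: read-only status checks a web status page could call.
# Nothing here writes to /proc or changes rules; live use is in the comments.

# A 0/1 /proc flag -> enabled | disabled | unknown
# live: proc_flag_state /proc/sys/net/ipv4/ip_forward
#       proc_flag_state /proc/net/ipt_condition/enabled
proc_flag_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(cat "$1")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# stdin: 'iptables -nL' output -> loaded | empty
# Counts rule lines only; chain headers, column headers and blanks are skipped.
# live: iptables -nL | firewall_state
firewall_state() {
    awk '/^Chain / || /^target / || NF == 0 { next }
         { n++ }
         END { print (n > 0 ? "loaded" : "empty") }'
}

# stdin: 'tc qdisc show dev eth0' output -> active | inactive
# Assumption: these qdisc kinds are kernel defaults, not configured shaping.
# live: tc qdisc show dev eth0 | shaping_state
shaping_state() {
    awk '$1 == "qdisc" && $2 !~ /^(pfifo_fast|noqueue|mq|fq_codel)$/ { n++ }
         END { print (n > 0 ? "active" : "inactive") }'
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_IPT='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination'
SAMPLE_TC='qdisc htb 1: root refcnt 2 r2q 10 default 30 direct_packets_stat 0'

echo "firewall: $(printf '%s\n' "$SAMPLE_IPT" | firewall_state)"
echo "shaping:  $(printf '%s\n' "$SAMPLE_TC" | shaping_state)"
echo "routing:  $(proc_flag_state /proc/sys/net/ipv4/ip_forward)"
```

A chain with a DROP policy and no rules is reported as "empty" by this check, so a status page that cares about policies needs to read the "Chain" header lines as well.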
