interface — format of interface component configuration
General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes types, sections and items specific for the interface component configuration.
Repeatable sections/items are marked by
the '*' before section/item name.
Configuration directives have attributes of several value-types. For the basic types description, see configuration(7).
Enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, enumeration description contains values for every name (in parenthesis next to name). For other enumerations, using of names is obligatory.
The following enumerations are used in interface configuration directives:
yes-no (see common(5))lagg-protocol (name-usage obligatory)Line Aggregation Protocols.
none, failover, fec, lacp, loadbalance, roundrobin
Configuration of interface library component consists of following prototypes:
ipv4 ... ;
ipv6 ... ;
ipv6-rtadv { ... }
tunnel ... ;
* interface name { ... }
ipv4 addr [dest];IPv4 address definition.
addr (type: addr)Interface address and mask.
dest (type: host, optional, default: [0.0.0.0])Point-to-point destination address.
net (type: net)Method to get network address.
host (type: host)Method to get address w/o mask.
ipv6 addr;IPv6 address definition.
addr (type: addr)Interface address with prefix.
net (type: net)Method to get network address.
host (type: host)Method to get address w/o prefix.
ipv6-rtadv {
enable ... ;
managed-address ... ;
other-stateful ... ;
* raw ... ;
}
Settings of IPv6 router advertisements.
enable [val];Enables or disables IPv6 router advertisements on this interface.
val (type: yes-no, optional, default: no)managed-address [val];Sets Managed address configuration flag bit.
val (type: yes-no, optional, default: no)other-stateful [val];Sets Other stateful configuration flag bit.
val (type: yes-no, optional, default: no)raw field;Raw configuration field.
It must be written in the format specified in rtadvd.conf(5). The FIELD value of this item is written (separated properly by colons) to the end of the rtadvd.conf 'default' entry (if used in the global RTADVD section), or just before the terminal 'tc=default' field of a particular interface entry (if used in an INTERFACE section).
field (type: str)[End of section ipv6-rtadv description.]
tunnel addr dest;Pair of tunnel addresses.
addr (type: addr)Interface address with prefix.
dest (type: host)Tunnel destination address.
Tunnel addresses must have the same family..
interface name {
dev ... ;
ipv4 ... ;
ipv6 ... ;
mac ... ;
aggregate ... ;
pike ... ;
vlan ... ;
tunnel ... ;
dhcp-client ... ;
ipv6-rtadv { ... }
* alias name { ... }
* tag ... ;
}
Interface description.
There are two main reasons for defining of interfaces:
- All interfaces except VIRTUAL ones will be added into operating system startup and a formal Kernun component will be added to ease its management.
- All interfaces (their names) can be used for proxy listen-on socket definition.
Device name must be specified.
Tunnel addresses needed and allowed only for GIF and GRE.
Destination address needed and allowed only for IPv4 in GIF, GRE and TUN..
Tunnel IPv6 addresses not allowed for GRE.
AGGREGATE is obligatory item of LAGG interfaces.
VLAN is obligatory item of VLAN interfaces.
PIKE is obligatory item of PIKE interfaces.
dev name [virtual] [media media] [mediaopt mediaopt];Device description.
name (type: str)Device name.
virtual (type: key, optional)Virtual device, do not include to rc.conf.
media media (type: str, optional, default: <NULL>)Device media type.
mediaopt mediaopt (type: str, optional, default: <NULL>)Device media options.
Media options can be set only if media is set, too.
ipv4 addr [dest];Interface base IPv4 address.
addr (type: addr)Interface address and mask.
dest (type: host, optional, default: [0.0.0.0])Point-to-point destination address.
net (type: net)Method to get network address.
host (type: host)Method to get address w/o mask.
ipv6 addr;Interface base IPv6 address.
addr (type: addr)Interface address with prefix.
net (type: net)Method to get network address.
host (type: host)Method to get address w/o prefix.
mac addr;Hardware address.
addr (type: str)aggregate [proto proto] iface;Aggregated interface parameters definition.
proto proto (type: lagg-protocol, optional, default: failover)iface (type: name-list of interface, see above)pike iface [nomadic];PIKE interface parameters definition.
iface (type: name of interface, see above)Real interface.
nomadic (type: key, optional)Flag to hide address in backup state.
vlan id parent;VLAN interface parameters definition.
id (type: uint16)VLAN ID
parent (type: name of interface, see above)Parent interface
tunnel addr dest;Pair of tunnel addresses.
addr (type: addr)Interface address with prefix.
dest (type: host)Tunnel destination address.
Tunnel addresses must have the same family..
dhcp-client;DHCP configuration mode definition.
If used, the interface will be configured via DHCP.
If used together with the IPv4 item, the address MUST be assigned statically and interface behaves as normal interface except the dhclient daemon running.
If the address is assigned by the DHCP server randomly, the IPv4 item must not be used. In this case, the interface cannot be referenced by the name in non-transparent listen-on case.
ipv6-rtadv {
enable ... ;
managed-address ... ;
other-stateful ... ;
* raw ... ;
}
ipv6-rtadv section is derived from
ipv6-rtadv section prototype.
For detail description of it, see above.
alias name {
ipv4 ... ;
ipv6 ... ;
}
Interface aliases definition.
ipv4 addr [dest];IPv4 address definition.
addr (type: addr)Interface address and mask.
dest (type: host, optional, default: [0.0.0.0])Point-to-point destination address.
net (type: net)Method to get network address.
host (type: host)Method to get address w/o mask.
ipv6 addr;IPv6 address definition.
addr (type: addr)Interface address with prefix.
net (type: net)Method to get network address.
host (type: host)Method to get address w/o prefix.
[End of section interface.alias description.]
tag value;Configuration factorization tag.
This feature allows admin to create groups of Kernun applications (specially proxies and servers) according to various aspects (belonging to one customer, applications of particular network traffic etc.).
Each application can have several tag attributes and the KAT tool can run some commands (like 'ps', 'start' atc.) for applications with or without given tag.
value (type: str)Tag must contain letters, digits, hyphens and dots, only.
[End of section interface description.]