Provide IP filter services
Use the version of this module that corresponds to the version of
that you're running:
If you're using io-pkt-v4 or io-pkt-v4-hc, use one of the following:
io-pkt-v4 -p pf-v4 io-pkt-v4-hc -p pf-v4 mount -Ttcpip lsm-pf-v4.so
If you're using io-pkt-v6-hc, use one of the following:
io-pkt-v6-hc -p pf-v6 mount -Ttcpip lsm-pf-v6.so
If you use mount, tcpip or io-pkt as the manager.
|If you've started multiple instances of io-pkt, and you've used the -i option to assign stack instance numbers, you can load lsm-pf-v*.so into a specific instance by adding the stack number to the name of the manager (e.g., mount -Tio-pkt2 lsm-pf-v6.so). For more information, see “Running multiple instances of the TCP/IP stack” in the TCP/IP Networking chapter of the QNX Neutrino User's Guide.|
The lsm-pf-v4.so and lsm-pf-v6.so shared objects are the modules that handle IP filtering and NAT (Network Address Translation) services. You need to load these libraries to enable filtering and NAT functionality.
IP filtering allows your host to act as a firewall, or you can provide firewall services on your host. NAT allows multiple hosts on a subnet to share a common IP address.
You use configuration files to set the filtering and NAT rules. For more details, see the documentation for pf.conf.
If you load lsm-pf-v4.so or lsm-pf-v6.so, io-pkt creates a pflog0 interface. The logged packets are sent to this interface, and you can use tcpdump to display them. For example:
tcpdump -n -e -ttt -i pflog0
io-pkt-* mount, pf, pf.conf, pfctl
Packet Filtering and Firewalling chapter of the Core Networking User's Guide