L Parent topic: L

lsm-pf-v4.so, lsm-pf-v6.so

IP filter services

Note: Use the version of this module that corresponds to the version of io-pkt-* that you're running:
  • lsm-pf-v4.so with io-pkt-v4-hc
  • lsm-pf-v6.so with io-pkt-v6-hc

Syntax:

If you're using io-pkt-v4-hc, use one of the following: 

io-pkt-v4-hc -p pf-v4
mount -Tio-pkt lsm-pf-v4.so

If you're using io-pkt-v6-hc, use one of the following: 

io-pkt-v6-hc -p pf-v6
mount -Tio-pkt lsm-pf-v6.so

If you use mount, specify io-pkt as the manager.

Note: If you've started multiple instances of io-pkt, and you've used the -i option to assign stack instance numbers, you can load lsm-pf-v*.so into a specific instance by adding the stack number to the name of the manager (e.g., mount -Tio-pkt2 lsm-pf-v6.so). For more information, see Running multiple instances of the TCP/IP stack in the TCP/IP Networking chapter of the QNX Neutrino User's Guide.

Runs on:

QNX Neutrino

Options:

None.

Description:

The lsm-pf-v4.so and lsm-pf-v6.so shared objects are the modules that handle IP filtering and NAT (Network Address Translation) services. You need to load these libraries to enable filtering and NAT functionality.

IP filtering allows your host to act as a firewall, or you can provide firewall services on your host. NAT allows multiple hosts on a subnet to share a common IP address.

You use configuration files to set the filtering and NAT rules. For more details, see the documentation for pf.conf.

If you load lsm-pf-v4.so or lsm-pf-v6.so, io-pkt creates a pflog0 interface. If you enable logging, the logged packets are sent to this interface, and you can use tcpdump to display them. For example: 

tcpdump -n -e -ttt -i pflog0
Related concepts
Packet Filtering and Firewalling (Core Networking User's Guide)
Related reference
io-pkt-v4-hc, io-pkt-v6-hc
mount
pf
/etc/pf.conf
pfctl
Parent topic: L