From 2b1ab86cddb194a64aa9082ce9a133b405174fde Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Tue, 3 Dec 2024 11:46:33 +0100 Subject: [PATCH 1/6] docs(dpi): add instructions for excluding interfaces in Netifyd --- dpi_filter.rst | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/dpi_filter.rst b/dpi_filter.rst index 79ea848a..7afae5d8 100644 --- a/dpi_filter.rst +++ b/dpi_filter.rst @@ -50,4 +50,31 @@ To add a new exception, click the ``Add exception`` button. Enter the ``IP address`` that should be exempted from the filter. You can include a description explaining the reason for the exclusion. -Each exception can be enabled or disabled as desired. \ No newline at end of file +Each exception can be enabled or disabled as desired. + +Netify interface exclusion +-------------------------- + +By default, Netifyd monitors all interfaces. To exclude specific interfaces, you can define an exclusion list. Below are commands to add, modify, or remove excluded interfaces. + +- Add interfaces to exclusion list: :: + + uci add_list netifyd.@netifyd[0].exclude='eth1' + uci add_list netifyd.@netifyd[0].exclude='tun' + uci add_list netifyd.@netifyd[0].exclude='wg' + uci commit netifyd + +- Modify exclusion list: :: + + uci delete netifyd.@netifyd[0].exclude='eth1' + uci add_list netifyd.@netifyd[0].exclude='eth2' + uci commit netifyd + +- Clear exclusion list: :: + + uci delete netifyd.@netifyd[0].exclude + uci commit netifyd + +- Return the exclusion list: :: + + uci show netifyd.@netifyd[0].exclude From 8613de7c9de811f5c7369a0ab3e15891e089956b Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Wed, 4 Dec 2024 15:35:44 +0100 Subject: [PATCH 2/6] fix(doc): review of giacomo Sanchietti Co-authored-by: Giacomo Sanchietti --- dpi_filter.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dpi_filter.rst b/dpi_filter.rst index 7afae5d8..b1917528 100644 --- a/dpi_filter.rst +++ b/dpi_filter.rst 
@@ -57,13 +57,13 @@ Netify interface exclusion By default, Netifyd monitors all interfaces. To exclude specific interfaces, you can define an exclusion list. Below are commands to add, modify, or remove excluded interfaces. -- Add interfaces to exclusion list: :: +- Add interfaces to exclusion list. The system will exclude all interfaces with a name starting with the configure value: :: uci add_list netifyd.@netifyd[0].exclude='eth1' uci add_list netifyd.@netifyd[0].exclude='tun' uci add_list netifyd.@netifyd[0].exclude='wg' uci commit netifyd - +In this this case the system will exclude interface ``eth1``, all WireGuard ``wgX`` interfaces and all OpenVPN routed interfaces. - Modify exclusion list: :: uci delete netifyd.@netifyd[0].exclude='eth1' From 1fdfe47f27c519f1530de069cd9818689023ecc1 Mon Sep 17 00:00:00 2001 From: Giacomo Sanchietti Date: Wed, 4 Dec 2024 15:45:25 +0100 Subject: [PATCH 3/6] Update dpi_filter.rst --- dpi_filter.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dpi_filter.rst b/dpi_filter.rst index b1917528..2f27c84a 100644 --- a/dpi_filter.rst +++ b/dpi_filter.rst @@ -63,7 +63,9 @@ By default, Netifyd monitors all interfaces. To exclude specific interfaces, you uci add_list netifyd.@netifyd[0].exclude='tun' uci add_list netifyd.@netifyd[0].exclude='wg' uci commit netifyd -In this this case the system will exclude interface ``eth1``, all WireGuard ``wgX`` interfaces and all OpenVPN routed interfaces. + + In this this case the system will exclude interface ``eth1``, all WireGuard ``wgX`` interfaces and all OpenVPN routed interfaces. + - Modify exclusion list: :: uci delete netifyd.@netifyd[0].exclude='eth1' From 439970d8508d26b85d134127d683801b615e6378 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Thu, 5 Dec 2024 12:18:59 +0100 Subject: [PATCH 4/6] fix(dpi): update exclusion list commands to use 'ns_exclude' --- dpi_filter.rst | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) 
diff --git a/dpi_filter.rst b/dpi_filter.rst index 2f27c84a..937cae44 100644 --- a/dpi_filter.rst +++ b/dpi_filter.rst @@ -59,24 +59,27 @@ By default, Netifyd monitors all interfaces. To exclude specific interfaces, you - Add interfaces to exclusion list. The system will exclude all interfaces with a name starting with the configure value: :: - uci add_list netifyd.@netifyd[0].exclude='eth1' - uci add_list netifyd.@netifyd[0].exclude='tun' - uci add_list netifyd.@netifyd[0].exclude='wg' + uci add_list netifyd.@netifyd[0].ns_exclude='eth1' + uci add_list netifyd.@netifyd[0].ns_exclude='tun*' + uci add_list netifyd.@netifyd[0].ns_exclude='wg*' uci commit netifyd + echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit In this this case the system will exclude interface ``eth1``, all WireGuard ``wgX`` interfaces and all OpenVPN routed interfaces. - Modify exclusion list: :: - uci delete netifyd.@netifyd[0].exclude='eth1' - uci add_list netifyd.@netifyd[0].exclude='eth2' + uci delete netifyd.@netifyd[0].ns_exclude='eth1' + uci add_list netifyd.@netifyd[0].ns_exclude='eth2' uci commit netifyd + echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit - Clear exclusion list: :: - uci delete netifyd.@netifyd[0].exclude + uci delete netifyd.@netifyd[0].ns_exclude uci commit netifyd + echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit - Return the exclusion list: :: - uci show netifyd.@netifyd[0].exclude + uci show netifyd.@netifyd[0].ns_exclude From 179f60d552e401d2942ba01f5e0aa9bb18ab94f9 Mon Sep 17 00:00:00 2001 From: Giacomo Sanchietti Date: Thu, 5 Dec 2024 14:51:03 +0100 Subject: [PATCH 5/6] Update dpi_filter.rst --- dpi_filter.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/dpi_filter.rst b/dpi_filter.rst index 937cae44..a3a80e4e 100644 --- a/dpi_filter.rst +++ b/dpi_filter.rst 
@@ -56,6 +56,7 @@ Netify interface exclusion -------------------------- By default, Netifyd monitors all interfaces. To exclude specific interfaces, you can define an exclusion list. Below are commands to add, modify, or remove excluded interfaces. +The exclusion list is configured using the ``ns_exclude`` option that takes a list of patterns. Each entry is a shel glob pattern. - Add interfaces to exclusion list. The system will exclude all interfaces with a name starting with the configure value: :: From 99a2dfaf59a2d6b904ea75971e843f09f70219ad Mon Sep 17 00:00:00 2001 From: Giacomo Sanchietti Date: Thu, 5 Dec 2024 14:51:54 +0100 Subject: [PATCH 6/6] Update dpi_filter.rst --- dpi_filter.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dpi_filter.rst b/dpi_filter.rst index a3a80e4e..32404a49 100644 --- a/dpi_filter.rst +++ b/dpi_filter.rst @@ -58,7 +58,7 @@ Netify interface exclusion By default, Netifyd monitors all interfaces. To exclude specific interfaces, you can define an exclusion list. Below are commands to add, modify, or remove excluded interfaces. The exclusion list is configured using the ``ns_exclude`` option that takes a list of patterns. Each entry is a shel glob pattern. -- Add interfaces to exclusion list. The system will exclude all interfaces with a name starting with the configure value: :: +- Add interfaces to exclusion list. The system will exclude the `eth1` interface and all OpenVPN and WireGuard interfaces: :: uci add_list netifyd.@netifyd[0].ns_exclude='eth1' uci add_list netifyd.@netifyd[0].ns_exclude='tun*'
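
Review bot: In PATCH 1/6, the "Modify exclusion list" block removes a single entry with ``uci delete netifyd.@netifyd[0].exclude='eth1'``, but uci's command for removing one list entry by value is ``del_list``. Please confirm that ``uci delete`` with ``='eth1'`` really removes that entry, or switch the example to ``uci del_list``. The same line is carried into PATCH 4/6 with ``ns_exclude``. The new section should also say what exclusion means for the DPI filter rules described earlier in this file, since an excluded interface is no longer monitored by Netifyd.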
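
Review bot: In PATCH 2/6, the new bullet text says every interface "with a name starting with" the value is excluded, while the sentence added after the block says the system excludes "interface ``eth1``" only. Under prefix matching ``eth1`` would also match ``eth10`` through ``eth19``, so one of the two statements is wrong, and the difference decides whether extra interfaces silently fall out of DPI coverage. Please state the matching rule once and make the example agree with it. Two typos in the added lines: "configure value" should be "configured value", and "In this this case" repeats a word.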
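
Review bot: In PATCH 4/6, the values change from ``tun`` and ``wg`` to ``tun*`` and ``wg*``, yet the unchanged bullet text above them still says interfaces are excluded when their name starts with the configured value. With explicit wildcards the ``eth1`` entry presumably matches only ``eth1``, so the lead-in should be updated in this same commit rather than two commits later. The added ``echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit`` line appears three times with no explanation; one sentence on why it is needed after ``uci commit netifyd`` would help readers who copy only part of a block.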
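
Review bot: In PATCH 5/6, the added sentence has a typo, "shel glob pattern" should be "shell glob pattern". Since this is the only place the matching rule is defined, it would help to add that an entry without a wildcard, such as ``eth1``, matches that exact name only, because the bullet text directly below still describes prefix matching at this point in the series.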
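
Review bot: In PATCH 6/6, the rewritten bullet marks the interface name with single backticks, which reStructuredText treats as interpreted text rather than an inline literal; the rest of the file uses double backticks (for example the ``ns_exclude`` sentence just above), so the name should be written with double backticks too. The new wording also duplicates the "In this this case the system will exclude ..." sentence that earlier patches placed after the code block; that sentence could be dropped, which would remove its repeated word as well.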