Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add instructions for excluding interfaces in Netifyd #136

Merged
merged 6 commits into from
Dec 18, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 34 additions & 1 deletion dpi_filter.rst
Original file line number Diff line number Diff line change
Expand Up @@ -50,4 +50,37 @@ To add a new exception, click the ``Add exception`` button.
Enter the ``IP address`` that should be exempted from the filter.
You can include a description explaining the reason for the exclusion.

Each exception can be enabled or disabled as desired.
Each exception can be enabled or disabled as desired.

Netify interface exclusion
--------------------------

By default, Netifyd monitors all interfaces. To exclude specific interfaces, you can define an exclusion list. Below are commands to add, modify, or remove excluded interfaces.
gsanchietti marked this conversation as resolved.
Show resolved Hide resolved
The exclusion list is configured using the ``ns_exclude`` option that takes a list of patterns. Each entry is a shel glob pattern.

- Add interfaces to exclusion list. The system will exclude the `eth1` interface and all OpenVPN and WireGuard interfaces: ::

uci add_list netifyd.@netifyd[0].ns_exclude='eth1'
uci add_list netifyd.@netifyd[0].ns_exclude='tun*'
uci add_list netifyd.@netifyd[0].ns_exclude='wg*'
uci commit netifyd
echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit

stephdl marked this conversation as resolved.
Show resolved Hide resolved
In this this case the system will exclude interface ``eth1``, all WireGuard ``wgX`` interfaces and all OpenVPN routed interfaces.

- Modify exclusion list: ::

uci delete netifyd.@netifyd[0].ns_exclude='eth1'
uci add_list netifyd.@netifyd[0].ns_exclude='eth2'
uci commit netifyd
echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit

- Clear exclusion list: ::

uci delete netifyd.@netifyd[0].ns_exclude
uci commit netifyd
echo '{"changes": {"network": {}}}' | /usr/libexec/rpcd/ns.commit call commit

- Return the exclusion list: ::

uci show netifyd.@netifyd[0].ns_exclude