auto ifname(profile, profile2, ...) ...

Lists those interfaces which should be set up automatically at boot up (list evaluated from left to right) and shut down on system shutdown (from right to left). All interfaces not listed here must be set up or shut down manually using ifup and ifdown. The 'auto' keyword must be used before the first 'interface' directive.

forward

If used, forwarding between interfaces will be activated at boot up and the host may be used as gateway between two networks. The 'forward' keyword must be used before the first 'interface' directive.

interface ifname(profile, profile2, ...)

Opens an interface section with name 'ifname'. Everything after the interface statement and before the next interface statement is the configuration for that specific interface 'ifname'. All directives within an interface section are evaluated from the first to the last. The resulting configuration is stored in a priority table to achieve a reasonable evaluation when the interface brought up or shut down. For example firewall rules are set up before the interface is enabled, or wireless configurations are set before the IP address is configured.

script filename [ parameters ]

Execute the specified script 'filename' with the given parameters. The parameter 'up' is inserted as first parameter when the interface is set up and the parameter 'down' is inserted when the interface is shut down.

run-up filename [ parameters ]

run-down filename [ parameters ]

Run the given command 'filename' with the given parameters when the interface is set up or shut down respectively.

dhcp

Enables configuration of the interface using the DHCP protocol.

search domain-list

If present, the file /etc/resolv.conf will be truncated and the domain-list added as search list.

The search list was designed to make the users lives a little easier by saving them some typing. The idea is to search one or more domains for names given by the user that might be incomplete - that is, that might not be fully qualified domain names.

Multiple occurrences are not allowed but usage inside an interface sections to allow the interface and profile depended re-creation of /etc/resolv.conf is possible.

nameserver ip-address

If present, the file /etc/resolv.conf will be truncated and the ip-addresses added as name-servers. Multiple occurrences are allowed.

The keyword is also allowed inside an interface sections to allow the interface and profile dependent re-creation of /etc/resolv.conf.

hostname name

Allows dynamic configuration of the system's hostname. It does not change the static configuration (stored in /etc/HOSTNAME).

domainname name

Allows dynamic configuration of the system's domainname.

ip ip-address/netmask-bits

Set the given ip and netmask in CIDR notation (e.g. 192.168.5.1/24) when the interface is set up, remove all IPs from the interface when the interface is shut down. Of course the keyword can be used multiple times to set multiple IPs for an interface.

route target[/prefix] nexthop [ metric M ] [ ... ]

Set a route to the network or host specified via target[/prefix] via nexthop.

As optional parameters specifing metric M is supported - as well as passing any option ip supports. Of course the keyword can be used multiple times to set multple routes for an interface.

gw nexthop | [ metric M ] [ ... ]

Set the given gateway when the interface is set up, remove the gateway when the interface is shut down.

As optional parameters specifing metric M is supported - as well as passing any option ip supports.

essid any

essid name

Set the ESSID (or Network Name - in some products it may also be called Domain ID). The ESSID is used to identify cells which are part of the same virtual network.

[ nwid | domain ] name

[ nwid | domain ] off

Set the Network ID (in some products it is also called Domain ID). As all adjacent wireless networks share the same medium, this parameter is used to differentiate them (create logical collocated networks) and identify nodes belonging to the same cell.

freq frequency

channel number

Set the operating frequency or channel in the device. Value below 1000 are the channel number, value over this is the frequency in Hz. You must append the suffix k, M or G to the value (for example, '2.46G' for 2.46 GHz frequency), or add enough '0'.

sens value

Set the sensitivity threshold. This is the lowest signal level for which we attempt a packet reception, signal lower than this are not received. This is used to avoid receiving background noise, so you should set it according to the average noise level. Positive values are assumed to be the raw value used by the hardware or a percentage, negative values are assumed to be dBm.

mode [ Managed | Ad-Hoc ]

Set the operating mode of the device, which depends on the network topology. The mode can be Ad-hoc (network composed of only one cell and without Access Point), Managed (node connects to a network composed of many Access Points, with roaming),

ap mac-address

ap any

ap off

Force the card to register to the Access Point given by the address, if it is possible. When the quality of the connection goes too low, the driver may revert back to automatic mode (the card finds the best Access Point in range).

nick name

Set the nickname, or the station name. Most 802.11 products do define it, but this is not used as far as the protocols (MAC, IP, TCP) are concerned and completely accessory as far as configuration goes.

rate [ value [ auto ] ] | [ auto ]

For cards supporting multiple bit rates, set the bit-rate in b/s. The bit-rate is the speed at which bits are transmitted over the medium, the user speed of the link is lower due to medium sharing and overhead. You must append the suffix k, M or G to the value (decimal multiplier : 10\^3, 10\^6 and 10\^9 b/s), or add enough '0'. Values below 1000 are card specific, usually an index in the bit-rate list. Use auto to select the automatic bit-rate mode.

rts [ value | off ]

RTS/CTS adds a handshake before each packet transmission to make sure that the channel is clear. This adds overhead, but increase performance in case of hidden nodes or large number of active nodes. This parameters set the size of the smallest packet for which the node sends RTS, a value equal to the maximum packet size disables the scheme.

frag [ value | off ]

Fragmentation allows to split an IP packet into a burst of smaller fragments transmitted on the medium. In most cases this adds overhead, but in a very noisy environment this reduces the error penalty. This parameter sets the maximum fragment size.

[ key | enc ] off | on

[ key | enc ] key [ open | restricted ]

Used to manipulate encryption or scrambling keys and security mode.

To set the current encryption key, just enter the key in hex digits as XXXX-XXXX-XXXX-XXXX or XXXXXXXX. To create the hash out of a plain text passphrase the text must be prefixed with 's:'.

'off' and 'on' disable and reenable encryption.

The security mode may be 'open' or 'restricted', and its meaning depends on the card used. With most cards, in open mode no authentication is used and the card may also accept non-encrypted sessions, whereas in restricted mode only encrypted sessions are accepted and the card will use authentication if available.

power period value

power value unicast

power timeout value all

power off

power min period value [ max period value ]

Used to manipulate power management scheme parameters and mode. To set the period between wake up, enter period 'value'. To set the timeout before going back to sleep, enter timeout `value'. You can also add the min and max modifiers. By defaults, those values are in seconds, append the suffix m or u to specify values in milliseconds or microseconds. Sometimes, those values are without units.

txpower value

txpower off | auto

For cards supporting multiple transmit powers, set the transmit power in dBm. If W is the power in Watt, the power in dBm is P = 30 + 10.log(W). If the value is postfixed by mW, it will be automatically converted to dBm.

retry value

retry lifetime value

retry min limit value [ max limit value ]

Most cards have MAC retransmissions, and some allow to set the behaviour of the retry mechanism. To set the maximum number of retries, enter limit `value'. This is an absolute value (without unit). To set the maximum length of time the MAC should retry, enter lifetime `value'. By default, this value is in seconds, append the suffix m or u to specify values in milliseconds or microseconds.

commit

Some cards may not apply changes done through Wireless Extensions immediately (they may wait to aggregate the changes or apply it only when the card is brought up via ifconfig). This command (when available) forces the card to apply all pending changes. However, normally this is normally not needed.

accept ( all | ( tcp | udp ) port ) | ( ip addr )

reject ( all | ( tcp | udp ) port ) | ( ip addr )

drop ( all | ( tcp | udp ) port ) | ( ip addr )

Add the given simple firewalling rules.

When there are any 'accept', 'reject' or 'drop' statements in an interface section, the iptables module automatically adds a chain named 'firewall-ifname' to the iptables 'filter' table and adds a jump to that chain into the 'INPUT' chain using the incoming interface as condition. All 'accept', 'reject' and 'drop' statements add rules to that chain.

Those statements are executed before the other statements in the interface section when setting up the interface and are executed after the other statements when shutting down the interface. When 'udp' or 'tcp' is used a port must be specified. A textual port description as specified in /etc/services, such as 'ssh' or 'http', is also possible.

'Accept', 'reject' and 'drop' directly links to the associated netfilter target.

When shutting down the interface, the chain 'firewall-ifname' is simply flushed and removed from the iptables configuration.

See the section called “DHCP and Basic Firewalling” for example descriptions.

masquerade

Enable a special form of 'SNAT' (Source Network Address Translation) for use with dynamic dialup links.

clamp-mtu

Automatically clamp the MSS value to (path_MTU - 40). Mostly for use with masqueraded Cable or DSL modem connections, where PPPoE (Point-to-Point-tunneling-Protocol over Ethernet) with the resulting loss of the effective MTU is used.

ppp tty-name [ speed ] [ pppd-cmd-args ]

The ppp keyword starts the configuration of pppd for use over the tty specified. Optionally the speed (e.g. 115200 for serial modem lines) and additional command line arguments for the pppd daemon can supplied.

pppoe

The pppoe keyword enables the use of PPP over Ethernet for DSL or cable connections.

ppp-defaults

When ppp-defaults is specified reasonable default values are used for the ppp connection. The defaults are: noipdefault, noauth, hide-password, ipcp-accept-local, ipcp-accept-remote, defaultroute and usepeerdns - this will let the ppp daemon accept any IP address, set the default route, utilize the nameservers supplied by the peer.

ppp-speed-defaults

When this option is present additional defaults are used that are mostly used to improve speed and latency on fast links: default-asyncmap, noaccomp, nobsdcomp, nodeflate, nopcomp, novj, novjccomp and ktune. In addition lcp-echo-interval is set to 20 and lcp-echo-failure to 3.

chat-defaults

The keyword initializes the use of a chat script to talk with a modem.

chat-init

With chat-init the modem init string can be supplied - for example: "at&d2&c1";

chat-dial

Via chat-dial the modem dial sequence is set - for example: "atdt0192075"

ppp-on-demand idle-time-in-seconds

Use of 'ppp-on-demand' configures on-demand connection initiation as with an idle time given as first argument.

ppp-option all possible ppp options

Via 'ppp-option' any pppd option can be specified, including the most important ones:

For the other, seldom used option, please refer to the pppd(8) man-page.