Filtering on a sensor dedicated interface

Nicolas GRENECHE nicolas.greneche at gmail.com
Tue May 10 21:49:35 UTC 2011


2011/5/10 Daniel Hartmeier <daniel at benzedrine.cx>:
> On Tue, May 10, 2011 at 06:45:08PM +0200, Nicolas GRENECHE wrote:
>
>> Regarding tcpdump, packets seem to go through the interface. Why
>> doesn't pf see them?
>
> The destination MAC addresses of the ethernet frames do not match the
> firewall's.
>
> By putting the interfaces into promiscuous mode, the frames are copied
> to BPF readers (like tcpdump), but the host then ignores the frame.
> Since the host is neither the recipient nor bridging, there is no reason
> to pf filter the packet, as the frame will be dropped anyway.
>
> I guess you could add the interfaces to bridges or some such construct,
> to get pf filtering involved. It depends on WHY you want pf to filter
> something you don't want to forward, i.e. what would be the purpose of
> the packet showing up on pflog.
>
> Daniel
>

Thanks a lot Daniel, you put me on the right way!

The reason was that I set up the bridge with the "monitoring" option, which
only lets BPF readers acquire the network traffic and drops the packets.

Now it works perfectly.

Regards,

