[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf question

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: pf question
From: Stavros Filargiropoulos <sf_(_at_)_alphanet_(_dot_)_gr>
Date: Tue, 29 Jun 2004 15:39:42 +0300

odin_(_at_)_cleannorth_(_dot_)_org wrote:

although I try to block incoming spoofed packets with address
127.0.0.1/8 when i run snort on xl0 I get the following:
[**] [1:528:3] BAD TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2]


snort uses a bpf interface.  Last I recall, this was low-level enough that
it happens before pf (ie it sees everything regardless of pf rules).  I
think that'd explain what you're seeing.

-Dan

That's what i thought at fisrt, but I can not find the packet in the logs either... (block return in log quick....)

References:
- pf question
  - From: Stavros Filargiropoulos

Prev by Date: Re: pf question
Next by Date: Re: recommended partitioning for a obsd firewall
Previous by thread: Re: pf question
Next by thread: Re: pf question
Index(es):
- Date
- Thread

Visit your host, monkey.org