Date: Tue, 10 May 2011 23:49:34 +0200
From: Nicolas GRENECHE <nicolas.greneche@gmail.com>
To: Daniel Hartmeier <daniel@benzedrine.cx>
Cc: freebsd-pf@freebsd.org
Subject: Re: Filtering on a sensor dedicated interface
Message-ID: <BANLkTimvzyYDTp0DYBbD%2BzcmDZ4b4XE8pQ@mail.gmail.com>
In-Reply-To: <20110510173853.GA17049@insomnia.benzedrine.cx>
References: <BANLkTimd5=wzH7dLKKb98jKR3Bmix%2Bx3SQ@mail.gmail.com> <20110510173853.GA17049@insomnia.benzedrine.cx>

2011/5/10 Daniel Hartmeier <daniel@benzedrine.cx>:
> On Tue, May 10, 2011 at 06:45:08PM +0200, Nicolas GRENECHE wrote:
>
>> Regarding tcpdump, packets seem to go through the interface. Why
>> doesn't pf see them?
>
> The destination MAC addresses of the ethernet frames do not match the
> firewall's.
>
> By putting the interfaces into promiscuous mode, the frames are copied
> to BPF readers (like tcpdump), but the host then ignores the frame.
> Since the host is neither the recipient nor bridging, there is no reason
> to pf filter the packet, as the frame will be dropped anyway.
>
> I guess you could add the interfaces to bridges or some such construct,
> to get pf filtering involved. It depends on WHY you want pf to filter
> something you don't want to forward, i.e. what would be the purpose of
> the packet showing up on pflog.
>
> Daniel
>

Thanks a lot Daniel, you put me on the right way!

The reason was that I set up the bridge with the "monitoring" option, which
only lets bpf readers acquire network and drops the packet.

Now it works perfectly.

Regards,
