Date:      Tue, 10 May 2011 19:38:53 +0200
From:      Daniel Hartmeier <daniel@benzedrine.cx>
To:        Nicolas GRENECHE <nicolas.greneche@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Filtering on a sensor dedicated interface
Message-ID:  <20110510173853.GA17049@insomnia.benzedrine.cx>
In-Reply-To: <BANLkTimd5=wzH7dLKKb98jKR3Bmix+x3SQ@mail.gmail.com>
References:  <BANLkTimd5=wzH7dLKKb98jKR3Bmix+x3SQ@mail.gmail.com>

On Tue, May 10, 2011 at 06:45:08PM +0200, Nicolas GRENECHE wrote:

> Regarding tcpdump, packets seem to go through the interface. Why doesn't
> pf see them?

The destination MAC addresses of the ethernet frames do not match the
firewall's.

When the interfaces are put into promiscuous mode, the frames are copied
to BPF readers (like tcpdump), but the host then ignores them.
Since the host is neither the recipient nor bridging, there is no reason
for pf to filter the packet, as the frame will be dropped anyway.

I guess you could add the interfaces to bridges or some such construct,
to get pf filtering involved. It depends on WHY you want pf to filter
something you don't want to forward, i.e. what would be the purpose of
the packet showing up on pflog.

Daniel
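A quick way to confirm Daniel's explanation on a sensor interface is to capture with `tcpdump -e` (which prints the Ethernet header) and compare each frame's destination MAC with the firewall interface's own MAC. The script below is an added example, not part of the original thread; the capture lines and the interface MAC `00:50:56:c0:00:08` are constructed sample data.

```python
# Classify frames from `tcpdump -e -n` output by whether the host's IP stack
# (and therefore pf) would process them, or whether only BPF readers see them
# because the destination MAC is not the firewall's.
import re

# Constructed sample of `tcpdump -e -n -i em1` output (not real traffic).
SAMPLE_CAPTURE = """\
12:00:01.000001 00:11:22:33:44:55 > aa:bb:cc:dd:ee:ff, ethertype IPv4 (0x0800), length 74: 10.0.0.5.51234 > 10.0.0.9.22: Flags [S]
12:00:01.000002 00:11:22:33:44:55 > 00:50:56:c0:00:08, ethertype IPv4 (0x0800), length 74: 10.0.0.5.51235 > 10.0.0.1.80: Flags [S]
12:00:01.000003 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.9 tell 10.0.0.5
12:00:01.000004 00:11:22:33:44:55 > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 46: 10.0.0.5 > 224.0.0.1: igmp query
"""

FRAME_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), ethertype (?P<type>\S+)"
)


def is_group_address(mac):
    """Broadcast/multicast: least-significant bit of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


def classify_frame(line, host_mac):
    """Return 'host', 'group', 'foreign', or None for an unparsable line."""
    m = FRAME_RE.match(line)
    if not m:
        return None
    dst = m.group("dst").lower()
    if dst == host_mac.lower():
        return "host"     # addressed to this interface: the stack and pf process it
    if is_group_address(dst):
        return "group"    # broadcast/multicast: not dropped by the MAC check;
                          # IP payloads reach pf, ARP does not (pf filters IP only)
    return "foreign"      # only BPF readers (tcpdump) see it; the stack drops it


def summarize(capture, host_mac):
    """Count frames per class; a large 'foreign' count explains an empty pflog."""
    counts = {"host": 0, "group": 0, "foreign": 0}
    for line in capture.splitlines():
        kind = classify_frame(line, host_mac)
        if kind:
            counts[kind] += 1
    return counts


if __name__ == "__main__":
    print(summarize(SAMPLE_CAPTURE, "00:50:56:c0:00:08"))
```

On a real sensor port fed by a tap or SPAN session, nearly everything lands in the `foreign` bucket, which is exactly the traffic pf never sees unless the interface is made a bridge member.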
