From owner-freebsd-questions@FreeBSD.ORG Thu Jul 22 21:39:03 2004
From: "Andy Baran" <abaran1@depaul.edu>
To: freebsd-questions@freebsd.org
Date: Thu, 22 Jul 2004 16:40:14 -0500
Subject: Packet filters

This question sounds like it has an easy answer at first, but please bear with me.

I am going to set up a network tap to monitor network traffic flows. The machine will be running FreeBSD 4.10 and has two NICs. One interface will be used for management and the other will be used to collect the flows. Obviously, security is a concern with a machine of this nature, so I need to set up a firewall on the management interface. However, I need to be absolutely sure that the firewall will not be handling any of the packets on the second interface. I am well aware that IPFW and IPF can both be set up to monitor only a specific interface.

However, I'd like verification from someone familiar with the code for either that the filter will not touch packets on the interface being used as a tap.

My apologies if I'm posing this question to the wrong list. If I am, please let me know whom I should be asking.

Thanks in advance for any replies.

-----------------------------
+Andy Baran ................................... abaran1@depaul.edu
+DePaul Computer Security Response Team http://security.depaul.edu
---------------------------
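As an added example (not part of Andy's mail or of any reply on the list): an ipfw(8) ruleset in which every rule is bound to the management interface with recv/xmit, plus an audit that reads either the generated rules or the output of `ipfw list` and reports any rule that is not interface-scoped or that names the tap interface. The interface names fxp0 (management) and fxp1 (tap) and the 192.0.2.0/24 management network are assumptions.

```sh
#!/bin/sh
# Added example, not from the original mail or any reply on the list.
# Assumptions: management NIC is fxp0, tap NIC is fxp1, and management
# hosts live in 192.0.2.0/24 (a constructed documentation range).
MGMT_IF="${MGMT_IF:-fxp0}"
TAP_IF="${TAP_IF:-fxp1}"
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"

# Emit the ruleset, one "add ..." line per rule, without applying it.
# Every static or stateful rule is bound to $MGMT_IF with recv/xmit, so
# only the kernel's built-in default rule 65535 remains unscoped.
gen_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from $MGMT_NET to me 22 in recv $MGMT_IF setup keep-state
add 400 allow icmp from $MGMT_NET to me in recv $MGMT_IF icmptypes 8
add 500 allow ip from me to any out xmit $MGMT_IF keep-state
add 600 deny log ip from any to any in recv $MGMT_IF
add 700 deny log ip from any to any out xmit $MGMT_IF
EOF
}

# Audit rules read on stdin, either as "add N action ..." lines or as the
# "N action ..." lines that "ipfw list" prints. Reports every rule that is
# not bound to an interface by via/recv/xmit (it could match tap traffic)
# or that names the tap interface. Exit status 1 if anything was reported.
audit_rules() {
    awk -v tap="$TAP_IF" '
    {
        s = ($1 == "add") ? 2 : 1
        num = $s; action = $(s + 1)
        if (action == "check-state") next   # only matches dynamic entries made by scoped rules
        bound = 0
        for (i = s + 2; i < NF; i++) {
            if ($i == "via" || $i == "recv" || $i == "xmit") {
                if ($(i + 1) == tap) { printf "rule %s: names tap interface %s\n", num, tap; bad = 1 }
                else bound = 1
            }
        }
        if (!bound) { printf "rule %s: not bound to an interface\n", num; bad = 1 }
    }
    END { exit bad ? 1 : 0 }'
}

# Self-check of the generated set; on the tap host, run: ipfw list | audit_rules
gen_rules | audit_rules && echo "all rules bound to $MGMT_IF; none name $TAP_IF"
```

Saving the gen_rules output to a file and passing that file name to ipfw(8) loads the whole set at once; the default rule 65535 never appears in the generated lines because the kernel always supplies it.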