Date: Fri, 25 Aug 2000 15:44:48 +1000 From: Peter Jeremy <peter.jeremy@alcatel.com.au> To: Roger Marquis <marquis@roble.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipfw & ospf Message-ID: <00Aug25.154449est.115389@border.alcanet.com.au> In-Reply-To: <Pine.GSO.3.96.1000824215705.3327A-100000@roble2.roble.com>; from marquis@roble.com on Thu, Aug 24, 2000 at 09:58:31PM -0700 References: <Pine.GSO.3.96.1000824215705.3327A-100000@roble2.roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2000-Aug-24 21:58:31 -0700, Roger Marquis <marquis@roble.com> wrote: >Does anyone know why trafshow/tcpdump still reports OSPF traffic >after the application of these ipfw rules? > > /sbin/ipfw add 115 deny ospf from any to any > /sbin/ipfw add 115 deny all from 224.0.0.0/8 to any The BPF tap points used for trafshow/tcpdump are on the LAN side of the filtering rules, so you will still see OSPF traffic generated on the LAN. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00Aug25.154449est.115389>