Re: How does packet capture interact with firewalls?

[Phil Vandry <vandry () TZoNE ORG>]

On Wed, 23 Sep 2009 14:01:53 -0400, Robert Burgess wrote:
> iptables firewall) and they still appear in my pcap program (the first
> half), but when I try to reinject, depending on what setup I try, either
> the injected packets get dropped too, or they get injected correctly but
> also recaptured, leading to an infinite loop.  Is there any way to, say,
> capture and drop in one direction, and inject in another direction,

This sounds like it would be easy and would work fine as long as you
are capturing on one interface and injecting on a different one. You
might even be able to avoid using iptables at all in that scenario by
just turning off IP forwarding on the system, and that's pretty portable.

It sounds like you are capturing and injecting on the same interface
(otherwise you wouldn't get that infinite loop). Is that really what
you need to do?

-Phil
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.