
RE: Iptables rule on span traffic

To: "Pascal Hambourg" <pascal.mail@plouf.fr.eu.org>, <netfilter@lists.netfilter.org>
Subject: RE: Iptables rule on span traffic
From: "Krishnamoorthy (Siva) Sivakumar" <ksivakumar@packetmotion.com>
Date: Sun, 22 Apr 2007 20:48:20 -0700
Cc:
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <462A8014.6000105@plouf.fr.eu.org>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References: <E8AFFEFDBE97C94E9297963F0527A07B01DFAED8@pmi00exf00.us.packetmotion.com> <1177172639.25008.1.camel@anduril.intranet.cartel-securite.net><E8AFFEFDBE97C94E9297963F0527A07B01DFB0EC@pmi00exf00.us.packetmotion.com> <462A8014.6000105@plouf.fr.eu.org>
Sender: netfilter-bounces@lists.netfilter.org
Thread-index: AceEWwT6ujYun6s2RqWqC9mPDHAvFQA/tPMg
Thread-topic: Iptables rule on span traffic

-----Original Message-----
From: netfilter-bounces@lists.netfilter.org 
[mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of Pascal Hambourg
Sent: Saturday, April 21, 2007 2:20 PM
To: netfilter@lists.netfilter.org
Subject: Re: Iptables rule on span traffic

Hello,

Krishnamoorthy (Siva) Sivakumar wrote:
> 
> When I run this rule, and try to access a .txt file (with a web
> browser on a different machine) on the machine running the iptables, I
> get a log message and the file access is blocked. However, if I try to
> do the same but for a .txt file residing on a third machine (machine
> running iptables is able to see the related packets on its interface
> connected to the span port), I see no log or blocking. 

As Cédric said, packets which are not destined to the box do not go 
through the INPUT chains. And since the box is not forwarding traffic, 
these packets are dropped at the input routing decision stage and do not 
go through the FORWARD chains either.

[Siva:] 
Then is it true that for iptables rules to be effective (fwsnort-generated or 
otherwise), the machine must be "inline"? Is there no way to implement iptables 
rules on "mirrored" traffic?

Siva
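As an added illustration of the packet path Pascal describes (my own model, not code from this thread or from the netfilter project), the Python below walks a received frame through the checks the Linux IPv4 receive path applies around the iptables hooks and reports which chains a rule could match in. It goes a little beyond the thread in two ways: it includes the link-layer check (a frame whose destination MAC belongs to another host is discarded in ip_rcv() as PACKET_OTHERHOST before the PREROUTING hook runs, so even a PREROUTING rule would not log SPAN traffic on a non-bridging box) and the forwarding-enabled case of an inline router. The MAC and IP addresses are constructed sample values; multicast is not modelled.

```python
from dataclasses import dataclass

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Host:
    """The box running iptables (constructed sample values in the demo)."""
    mac: str
    local_ips: frozenset
    ip_forward: bool           # value of /proc/sys/net/ipv4/ip_forward
    promiscuous: bool = False  # interface in promiscuous mode, as a sniffer sets it


@dataclass(frozen=True)
class Frame:
    """An Ethernet frame carrying an IPv4 packet, as seen on the wire."""
    dst_mac: str
    dst_ip: str


def receive_path(host, frame):
    """Model of the Linux IPv4 receive path for one incoming frame.

    Returns (chains, fate): the iptables chains the packet traverses, in
    order, and a short description of what finally happens to it.
    """
    chains = []
    # Link layer: a unicast frame addressed to another host's MAC is filtered
    # by the NIC unless the interface is promiscuous, and even then ip_rcv()
    # discards it as PACKET_OTHERHOST before the PREROUTING hook is reached.
    if frame.dst_mac.lower() not in (host.mac.lower(), BROADCAST_MAC):
        if not host.promiscuous:
            return chains, "discarded by the NIC: destination MAC is not ours"
        return chains, "discarded in ip_rcv() as PACKET_OTHERHOST, before any netfilter hook"

    chains.append("PREROUTING")  # raw/mangle/nat PREROUTING run before routing
    if frame.dst_ip in host.local_ips:
        chains.append("INPUT")   # mangle/filter INPUT for locally delivered packets
        return chains, "delivered to a local socket"
    if not host.ip_forward:
        # Not for us and we are not a router: dropped at the routing decision,
        # so neither INPUT nor FORWARD ever sees it.
        return chains, "dropped at the routing decision: ip_forward is 0"
    chains.extend(["FORWARD", "POSTROUTING"])
    return chains, "forwarded out another interface"


def rule_can_match(host, frame, chain):
    """True if a rule placed in `chain` would be consulted for this frame."""
    chains, _ = receive_path(host, frame)
    return chain in chains


if __name__ == "__main__":
    # Constructed sample: a sensor on a SPAN port, sniffing in promiscuous mode.
    sensor = Host(mac="00:11:22:33:44:55", local_ips=frozenset({"192.0.2.10"}),
                  ip_forward=False, promiscuous=True)
    # Request for a .txt file served by the sensor itself.
    to_sensor = Frame(dst_mac="00:11:22:33:44:55", dst_ip="192.0.2.10")
    # Same request, mirrored from the switch, but aimed at a third machine.
    mirrored = Frame(dst_mac="66:77:88:99:aa:bb", dst_ip="192.0.2.20")
    for label, frame in (("to sensor", to_sensor), ("mirrored", mirrored)):
        chains, fate = receive_path(sensor, frame)
        print(f"{label:10s} chains={chains} -> {fate}")
        print(f"{'':10s} INPUT rule consulted: {rule_can_match(sensor, frame, 'INPUT')}")
```

Running it shows the first frame passing PREROUTING and INPUT while the mirrored frame traverses no chain at all, which is exactly the asymmetry Siva observed: the LOG rule fires for files on the iptables box and stays silent for files on the third machine.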

