
Re: iptraf filter problems



Hi Mark,

> ----
> 10.10.1.3			10.0.0.65
> 255.255.255.255 		255.255.255.255
> port 22				port 0
> 
> E

This one looks good.
> 
> ----
> 10.10.1.0			0.0.0.0
> 255.255.255.0			0.0.0.0
> port 0				port 0
> 
> E

This one seems to block out all traffic from 10.10.1.x.  Is this what you 
really want?

> 
> ----
> 10.10.1.3			0.0.0.0
> 255.255.255.255			0.0.0.0
> port 0				port 0
> 
> E

This one also appears to block out all traffic from your 10.10.1.3 host.
> 
I think what's happening here is because filters implicitly "block" 
packets you don't specify.  What you should do is first define a list of 
filters you do want to exclude, then at the very end of the filter list, 
specify a filter with 0.0.0.0/0.0.0.0/0 for both source and destination, 
and I for include/exclude.  This will allow everything else.
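
The filter behaviour described in this reply, as an added sketch that is not part of the original message and is not iptraf's own code. It assumes the first matching filter decides, that port 0 means any port, and that a filter matches only in its written source-to-destination direction; the packets in the demo are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    src: str
    src_mask: str
    sport: int
    dst: str
    dst_mask: str
    dport: int
    action: str  # "I" = include, "E" = exclude

def _in_net(addr, net, mask):
    # Compare address and rule network under the rule's mask.
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(addr)) & m) == (int(ipaddress.IPv4Address(net)) & m)

def _port_ok(rule_port, port):
    return rule_port == 0 or rule_port == port  # assumption: 0 is a wildcard

def decide(rules, src, sport, dst, dport):
    """Return (action, index of deciding rule); index None = implicit exclude."""
    for i, r in enumerate(rules):
        if (_in_net(src, r.src, r.src_mask) and _port_ok(r.sport, sport)
                and _in_net(dst, r.dst, r.dst_mask) and _port_ok(r.dport, dport)):
            return r.action, i
    return "E", None  # nothing matched: the packet is dropped from the display

# The three filters quoted in the message, in order.
QUOTED_RULES = [
    Rule("10.10.1.3", "255.255.255.255", 22, "10.0.0.65", "255.255.255.255", 0, "E"),
    Rule("10.10.1.0", "255.255.255.0", 0, "0.0.0.0", "0.0.0.0", 0, "E"),
    Rule("10.10.1.3", "255.255.255.255", 0, "0.0.0.0", "0.0.0.0", 0, "E"),
]
# The suggested last entry: 0.0.0.0/0.0.0.0/0 on both sides, marked I.
CATCH_ALL = Rule("0.0.0.0", "0.0.0.0", 0, "0.0.0.0", "0.0.0.0", 0, "I")

if __name__ == "__main__":
    packets = [  # constructed sample traffic
        ("10.10.1.3", 22, "10.0.0.65", 40000),
        ("10.10.1.3", 80, "8.8.8.8", 53),
        ("172.16.0.9", 443, "10.0.0.65", 5555),
    ]
    for p in packets:
        print(p, "without catch-all:", decide(QUOTED_RULES, *p),
              "with catch-all:", decide(QUOTED_RULES + [CATCH_ALL], *p))
```

Under these assumptions the third quoted filter is never the deciding one, because the 10.10.1.0/255.255.255.0 entry ahead of it already matches every packet from 10.10.1.3.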