Re: firewall + tcpdump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

As you have said that all traffic hitting the interface is seen whether netfilter allows it or not, my question was how do I know whether the packets being sent get blocked?

Not sure quite what you by "in front or behind", however I can tell you that tcpdump works "closer to the wire" than netfilter, so it will see all traffic hitting the interface, whether netfilter allows it or not.



If it dumps traffic in front of a firewall, would anyone kindly suggest
a way to test the firewall?



Um, test it by sending packets which should be allowed, and making sure they are, then sending ones which should be blocked, and making sure they are?

Or have I misunderstood the question? How would you propose to use tcpdump to test the firewall anyway?

Regards,

Antony.






[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux