PF filtering on VIMAGE/VNET device
I have a strange issue which I really can't nail down (I have been trying for months): setting up a honeypot within a jail.

I can't filter the traffic coming from the jail to the host running the jails. Outgoing traffic to any other physical host on the internal networks works nicely, but once I try to prevent traffic from the jail to the host it fails miserably. The funny thing is that running tcpdump -i vnet0:3 shows the traffic, but pf doesn't block it:

    block quick on vnet0:3 proto tcp from $jail_ip to any

There is one way I can do it, which is to actually block the traffic on the physical interface as an 'in' rule, but this seems clumsy. The rule blocks fine if I try to access the internet/internal network but fails if I try to access the host.

An additional problem I have is writing the rules: the device name is composed of vnet0:<jail id> and the id keeps changing. How can I fix this other than scripting it?

Thank you for your help (or even for reading this).
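The second part of the question, the changing vnet0:<jail id> name, is the one pf itself can take care of: pf accepts an interface group wherever it accepts an interface name, so rules written against a group keep working whatever the member interface is called. The fragment below is an added example and is not from the original post or the reply; it assumes the jail is attached through an epair(4) pair (host keeps epairNa, jail gets epairNb), that the jail's exec.prestart puts the host-side end into an interface group with `ifconfig epair0a group jails`, and that the addresses and the `jails` group name are placeholders.

```pf
# pf.conf fragment on the host. Added example, not the poster's ruleset.
#
# Assumed setup (not from the thread): each vnet jail gets an epair, and
# the host-side end is placed in the interface group "jails" at jail
# start, e.g. in jail.conf:
#   exec.prestart = "ifconfig epair0 create up; ifconfig epair0a group jails";
#   vnet.interface = "epair0b";
# Rules then reference the group, so the per-jail interface name never
# appears in pf.conf.

jail_ip = "10.0.0.5"     # placeholder honeypot address
host_ip = "10.0.0.1"     # placeholder host-side address

# Seen from the host, a packet sent by the jail arrives *inbound* on the
# host-side end of the epair, so jail-originated traffic is matched with
# "in" rules on the group, not "out" rules.

# Honeypot may never talk to the host itself.
block in quick on jails proto { tcp udp } from $jail_ip to $host_ip

# Anything else the honeypot sends (internal network, Internet) is allowed
# to enter the host for forwarding; host-side forwarding/NAT is assumed.
pass in quick on jails from $jail_ip to ! $host_ip

# Replies and host-initiated traffic toward the jail.
pass out quick on jails from any to $jail_ip
```

Because the first rule carries `quick`, it wins regardless of what follows, which is the property a honeypot containment rule should have; `pfctl -vnf /etc/pf.conf` will show the `jails` group expanded to its current member interfaces when the rules are loaded.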
Fixed in 12.0.