On 8/08/09 02:22 PM, Ivan Klimek wrote:
> Hi guys,
> I am trying to block certain types of traffic but capture it in the process. I would like to use the "to" keyword in ipf but I can't get it working.
> What I am doing:
> ipf -E
> ipf -f /path/to/config
> ipfstat -noi
> @1 block out quick on any to lo0 proto tcp from any to any port < 1024
> @1 block in quick on any to lo0 proto tcp from any to any port < 1024
> -> that rule is from: http://docs.hp.com/en/5991-7705/ch05s08.html
> svcadm refresh network/ipfilter
> To check what it is doing I am listening on lo0 with snoop in promiscuous mode.
> The problem is, no traffic ever reaches lo0, and no traffic is blocked at all
> ...
> I have a feeling I'm missing some pretty important detail somewhere.
You need to add this at the top of /path/to/config:
set intercept_loopback true;
Darren
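As an added example (not from the thread, and not part of IPFilter itself), here is a small POSIX sh sanity check a practitioner can run before `ipf -f` loads a config: it verifies that `set intercept_loopback true;` appears before the first rule that mentions lo0, so the mistake above is caught before the rules are loaded and silently see no loopback traffic. The two sample config files are constructed inline from the rules quoted in the thread; the function name `check_loopback_intercept` and the file names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread or from IPFilter.
# check_loopback_intercept CONF
#   Returns 0 if "set intercept_loopback true;" appears before the first
#   non-comment line that references lo0, and 1 otherwise (with a message
#   on stderr). Comments and blank lines are ignored.
check_loopback_intercept() {
    conf="$1"
    seen_set=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in
            ''|\#*) continue ;;                       # skip blank lines and comments
        esac
        case "$line" in
            *"set intercept_loopback true;"*) seen_set=1 ;;
        esac
        case "$line" in
            *lo0*)
                if [ "$seen_set" -eq 0 ]; then
                    echo "$conf:$lineno: rule references lo0 before 'set intercept_loopback true;'" >&2
                    return 1
                fi ;;
        esac
    done < "$conf"
    return 0
}

# Constructed sample configs (temporary files, removed on exit).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

BAD_CONF="$demo_dir/bad.conf"
GOOD_CONF="$demo_dir/good.conf"

# The rules exactly as posted in the thread, without the directive.
cat > "$BAD_CONF" <<'EOF'
# constructed sample: rules only, missing the set directive
block out quick on any to lo0 proto tcp from any to any port < 1024
block in quick on any to lo0 proto tcp from any to any port < 1024
EOF

# The same rules with the directive Darren recommends at the top.
cat > "$GOOD_CONF" <<'EOF'
# constructed sample: directive first, then the rules
set intercept_loopback true;
block out quick on any to lo0 proto tcp from any to any port < 1024
block in quick on any to lo0 proto tcp from any to any port < 1024
EOF

# Stand-alone demonstration: the first check fails, the second passes.
if check_loopback_intercept "$BAD_CONF"; then
    echo "bad.conf: unexpectedly passed"
else
    echo "bad.conf: rejected as expected"
fi
if check_loopback_intercept "$GOOD_CONF"; then
    echo "good.conf: accepted"
fi
```

The check only looks at ordering within one file; it does not validate the rest of the ipf syntax, so run it before `ipf -f /path/to/config`, not instead of reading the output of `ipfstat -noi`.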
_______________________________________________
networking-discuss mailing list
[email protected]