Re: filters RFE

John G. Thompson (jgt10@livingston.com)
Thu, 10 Oct 1996 13:27:14 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: MegaZone: "PM 3 experiences ?? (fwd)"
Previous message: MegaZone: "Accusations (fwd)"
In reply to: thoth@purplefrog.com: "filters RFE"
Next in thread: patrick@value.net: "Re: Accusations (fwd)"

On Thu, 10 Oct 1996 thoth@purplefrog.com wrote:
>
> A copy goes to support so they can file the RFE
>
> I'm trying to debug some packet filters and I realized that the packet
> tracing needs some extra info.
>
> Despite the fact that the output filter has this:
>
> 25 permit 207.100.0.16/28 207.100.0.3/32 tcp src eq 23
> 26 deny 207.100.0.16/28 0.0.0.0/0 tcp src eq 23
>
> The following packets still seem to be able to penetrate eth0.
>
> TCP from 207.100.0.16.23 to 207.100.0.2.1809 seq 80, ack 0x8D918D34, win 2048, ACK
> TCP from 207.100.0.16.23 to 207.100.0.2.1809 seq 80, ack 0x8D918D34, win 2048, PUSH ACK , 50 bytes
> TCP from 207.100.0.16.23 to 207.100.0.2.1809 seq B2, ack 0x8D918D37, win 2048, ACK

You have the same assumption I had, that packet tracing occurs after
filtering. Unfortunately, packet tracing occurs BEFORE filtering.

JGT

--
John G. Thompson      Livingston Enterprises Inc.    Phone: (800) 458-9966
JOAT(MON)             6920-220 Koll Centre Pkwy.       Fax: (510) 426-8951
support@livingston.com Pleasanton, CA 94566      http://www.livingston.com

Next message: MegaZone: "PM 3 experiences ?? (fwd)"
Previous message: MegaZone: "Accusations (fwd)"
In reply to: thoth@purplefrog.com: "filters RFE"
Next in thread: patrick@value.net: "Re: Accusations (fwd)"