From: "Jeffrey B. Murphy" <jbmurphy@gmail.com>
To: netfilter@lists.netfilter.org
Subject: iptables and arpd
Date: Thu, 31 Mar 2005 14:04:36 -0500
Message-ID: <89629fe005033111041b245b9d@mail.gmail.com>

I sent this to the honeypots list but I got no takers. I was hoping
someone here might be able to help me. My question involves the
interaction between iptables and arpd. arpd is used in the honeyd
project (http://www.honeyd.org/tools.php).

I have a Fedora Core 3 box and I have the following iptables script:

# IptablesScript
iptables -F
iptables -X

# Set Default Policy to drop everything
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

I believe that this should block all traffic going to and from the
machine (IP address of 192.168.0.3).
So I ping 192.168.0.3 and get no response back (as I expected).

When I add arpd into the mix with honeyd bound to the arpd IP (192.168.0.5),
I ping the arpd/honeyd IP of 192.168.0.5 from a different machine and
I get no response back (as I expected).

BUT my honeyd sees the traffic:
honeyd[PID]: Sending ICMP Echo Reply: IPAddyOfHoneyPot -> SourceMachine
honeyd[PID]: couldn't send packet: Operation not permitted

So I don't understand why the traffic is getting to the arpd/honeyd
process if my iptables is dropping everything?
I understand why I am getting the "honeyd[PID]: couldn't send packet:
Operation not permitted" as the default OUTPUT chain is drop. But why
is the traffic getting by my INPUT chain?

I realize that arpd and honeyd are not applicable to the list, but I
received no replies (I guess I am out of karma) on the honeyd list or
from the maintainer of the arpd project.

Any help is appreciated.
And Thanks.

