From: Pascal Hambourg
Subject: Re: Iptables rule on span traffic
Date: Sat, 21 Apr 2007 23:20:20 +0200
Message-ID: <462A8014.6000105@plouf.fr.eu.org>
References: <1177172639.25008.1.camel@anduril.intranet.cartel-securite.net>
To: netfilter@lists.netfilter.org

Hello,

Krishnamoorthy (Siva) Sivakumar wrote:
>
> When I run this rule, and try to access a .txt file (with a web
> browser on a different machine) on the machine running the iptables, I
> get a log message and the file access is blocked. However, if I try to
> do the same but for a .txt file residing on a third machine (machine
> running iptables is able to see the related packets on its interface
> connected to the span port), I see no log or blocking.

As Cédric said, packets which are not destined to the box do not go
through the INPUT chains. And since the box is not forwarding traffic,
these packets are dropped at the input routing decision stage and do not
go through the FORWARD chains either.
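The chain-traversal behaviour Pascal describes, written out as an added model (not code from the thread or from the netfilter project). It assumes constructed addresses: the monitoring box is 192.0.2.10 and the third machine is 192.0.2.20; it shows that mirrored traffic for the third machine only reaches the PREROUTING chains, so only a rule placed there (for example in the raw or mangle table) can ever log it.

```python
"""Model of which netfilter chains an incoming IPv4 packet traverses.

Traversal order encoded here: raw and mangle PREROUTING first, then the
input routing decision sends locally destined packets to the INPUT
chains and everything else to the FORWARD chains, but only when
forwarding is enabled; otherwise the packet is discarded before any
FORWARD rule runs. (nat PREROUTING is omitted: it only sees the first
packet of a connection.)
"""
import ipaddress

# Chains consulted before the routing decision, in traversal order.
PREROUTING_CHAINS = ("raw:PREROUTING", "mangle:PREROUTING")


def chains_seen(dst_ip, local_ips, ip_forward):
    """Return the ordered list of "table:chain" names the packet hits.

    dst_ip:     destination address of the packet (string)
    local_ips:  addresses configured on the receiving host
    ip_forward: value of net.ipv4.ip_forward (0 or 1)
    """
    dst = ipaddress.ip_address(dst_ip)
    local = {ipaddress.ip_address(a) for a in local_ips}
    seen = list(PREROUTING_CHAINS)
    if dst in local:
        # Input routing decision: destined to this box -> INPUT path.
        seen += ["mangle:INPUT", "filter:INPUT"]
    elif ip_forward:
        # Not local but forwarding enabled -> FORWARD path.
        seen += ["mangle:FORWARD", "filter:FORWARD"]
    # else: not local and forwarding off -> dropped at the routing
    # decision, no further chain is consulted.
    return seen


def rule_would_fire(table_chain, dst_ip, local_ips, ip_forward):
    """True if a rule in table_chain can match this packet at all."""
    return table_chain in chains_seen(dst_ip, local_ips, ip_forward)


if __name__ == "__main__":
    # Constructed sample: box is 192.0.2.10, SPAN port mirrors a request
    # for a file served by the third machine 192.0.2.20.
    box = ["192.0.2.10"]
    for dst in ("192.0.2.10", "192.0.2.20"):
        print(dst, chains_seen(dst, box, ip_forward=0))
```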