Yes, if you're monitoring the external interface with tcpdump, you'll see the packets before they're processed by the firewall.
On Mon, Apr 13, 2009 at 12:48 AM, Michael Potocki <[email protected]> wrote: > Hello, > > I have a fairly simple question that I can't seem to get an answer on, or > not looking in the right place. > > I have APF(firewall) installed on a server and have configured a number of > rules to drop certain hosts silently. > > The question I have, does "tcpdump" see the packets coming in before the > firewall rules are applied or after the firewall rules are applied? > > The reason I am asking this is because when I look at "tcpdump" I still see > packets coming in from certain IPs that have been added in as "DROP" > silently in APF. I have done all the configuration changes and restarted > the service to make sure everything is active from the new configs with APF. > > I want to make sure the packets are actually getting dropped or somehow is > the configuration still letting packets through! > > > Thanks for your time, > Michael > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- | It ain't what you don't know that gets you into trouble. It's what | you know for sure that just ain't so. -- Mark Twain | | Network: http://www.linkedin.com/in/spditner | http://facebook.com/people/Simon-P-Ditner/776370031 | http://twitter.com/spditner --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
