On 26/03/2014 16:31, Brian Candler wrote:
> from my opinion about pf isolating
> the $dstip is not functional since basically you are creating a DDoS for a
> client.
Yes, I think you're right. This is only really useful for testing
PacketFence; maybe a better way is to have a test web page which makes
a carefully-crafted POST to trigger the isolation.
I found a better way to test it. If you go to
http://some.web.server/crack.1.exe
this triggers rule 2010059, and if you add a violation for this, the
port does get quarantined.
Regards,
Brian.
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
