Shorewall and tcpdump

Forum on network security, firewall configuration, setting up protection against attacks, DMZs, intrusion-detection systems ...

Moderator: modos Ixus

Post by gbe54 » 27 Oct 2007 12:45

Hi,

A while ago I tried to record a UDP multicast with a piece of software of mine. This software wouldn't work until I opened the right port with Shorewall.
But tcpdump and Ethereal managed to get the broadcast despite the port being blocked by the firewall.

I can't understand why. Any idea?

Thanks in advance.

GBE
gbe54
Matelot
Posts: 1
Joined: 27 Oct 2007 12:41

Post by jdh » 27 Oct 2007 13:07

Shorewall generates netfilter instructions from its configuration files. The result is like ANY script directly written with iptables instructions.

I imagine (and I can see) that software like tcpdump, nmap and Ethereal, acting at an upper level, is running in the context set by Shorewall. And if a rule is designed for dropping/rejecting network flows in Shorewall, it's NOT possible to listen to these flows with these tools.

Netfilter is deeply inside the kernel and its IP stack. So, tools using resources of the stack, even in promiscuous mode, must follow the rules designed by the settings of netfilter. (Better: "receive the network packets allowed by netfilter rules".)

IMHO.
jdh
Amiral
Posts: 4741
Joined: 29 Dec 2002 01:00
Location: Nantes
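The question in the thread is whether datagrams that tcpdump or Ethereal displayed were really dropped by the firewall. On Linux, libpcap captures through a packet socket that is fed at the link layer, before the IP stack hands the packet to netfilter's INPUT/FORWARD hooks, so seeing a packet in a capture says nothing about its verdict; the authoritative check is the per-rule packet counters in `iptables -nvL`. The script below is an added example, not code from the thread or from Shorewall: it parses that counter output and lists every rule that can apply to UDP traffic to a given destination port, so the reader can tell whether the datagrams were counted by an ACCEPT rule or by a DROP rule or Shorewall's `Drop` chain. The sample output, the chain names `net-fw` and `Drop`, and the port numbers 5004/5005 are constructed in Shorewall's style and are not taken from the thread.

```python
import re

# Constructed sample of `iptables -nvL` on a Shorewall host (not from the thread).
# Shorewall names its zone chains like net-fw and uses a user chain called Drop,
# which is distinct from the DROP verdict.
SAMPLE_IPTABLES = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  840 61320 net-fw     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    3   180 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain net-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
   10   760 ACCEPT     udp  --  *      *       0.0.0.0/0            239.1.2.3            udp dpt:5004
  152 11400 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5005
  678 49160 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((.*)\)$")
# pkts bytes target prot opt in out source destination [match options]
RULE_RE = re.compile(
    r"^\s*(\d+[KMG]?)\s+(\d+[KMG]?)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$"
)
# "udp dpt:5004" or "udp dpts:5000:5010"
DPORT_RE = re.compile(r"\bdpts?:(\d+)(?::(\d+))?")


def parse_count(text):
    """Expand iptables' abbreviated counters: '12K' -> 12000 (iptables uses multiples of 1000)."""
    mult = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}
    if text[-1] in mult:
        return int(text[:-1]) * mult[text[-1]]
    return int(text)


def parse_iptables_nvl(text):
    """Return one dict per rule: chain, packet counter, target, protocol and match options."""
    rules = []
    chain = None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        m = RULE_RE.match(line)
        if m and chain:
            pkts, _bytes, target, prot, _opt, _in, _out, _src, dst, opts = m.groups()
            rules.append({
                "chain": chain,
                "pkts": parse_count(pkts),
                "target": target,
                "prot": prot,
                "dst": dst,
                "opts": opts,
            })
    return rules


def matches_udp_port(rule, port):
    """True when the rule can apply to UDP datagrams sent to `port`: protocol udp or all,
    and either no destination-port match at all or a dpt/dpts match covering the port."""
    if rule["prot"] not in ("udp", "all"):
        return False
    m = DPORT_RE.search(rule["opts"])
    if not m:
        return True
    lo = int(m.group(1))
    hi = int(m.group(2) or lo)
    return lo <= port <= hi


def rules_for_udp_port(text, port):
    """List (chain, target, pkts) for every rule that could have counted UDP traffic to `port`.
    A DROP target or a Shorewall Drop/Reject chain with a non-zero counter confirms that
    the firewall, not the capture tool, decided the fate of those datagrams."""
    return [
        (r["chain"], r["target"], r["pkts"])
        for r in parse_iptables_nvl(text)
        if matches_udp_port(r, port)
    ]


if __name__ == "__main__":
    # In real use: replace SAMPLE_IPTABLES with the output of `iptables -nvL` (root needed).
    for port in (5004, 5005):
        print(f"Rules that can match UDP dport {port}:")
        for chain, target, pkts in rules_for_udp_port(SAMPLE_IPTABLES, port):
            print(f"  {chain:8} -> {target:8} {pkts} packets")
```

Run it against the real output of `iptables -nvL` (taken before and after reproducing the multicast stream) and compare the counters: if the packet count on the DROP rule or the `Drop` chain grows by the number of datagrams the capture showed, the firewall dropped them even though tcpdump saw them.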

Post by tomtom » 28 Oct 2007 10:49

Hello,

Please use the French language in this forum!

Sorry if you don't speak French, but we do not allow English questions here, as our forums are to be read by people not speaking English.


t.
One hundred thousand lemmings can't be wrong...
tomtom
Amiral
Posts: 6035
Joined: 26 Apr 2002 00:00
Location: Paris
