Subject: Re: loopback routes
To: None <>
From: Andrew Brown <>
List: tech-net
Date: 05/06/2000 00:29:59
>>>>>	I still do not understand your goal... anyway,
>>>>sorry, i didn't really go into that yet.  i wanted to create a "null"
>>>>network interface, similar to that which one might find on a cisco.
>>>>useful for blackhole routing, ipfiltering (yes, really!), etc.
>>>	for example, is this insufficient for your goal?
>>>	# route add -inet -reject
>>okay, that'll blackhole the packets, but i wanna sniff 'em.
>	this is possible.
>	# ifconfig lo0
>	# ifconfig lo1
>	# route add -inet -netmask 0xff000000 -reject
>	# route change -inet -netmask 0xff000000 -ifp lo1
>	# tcpdump -n -i lo1 &
>	# ping -n

i was thinking more along the lines of:

   # ipf -Fa -f -
   (rules rules rules until i get to my catch all at the bottom)
   pass in quick all on ex0 to lo1 from any to any

and then start "tcpdump -w/var/log/blocked -s2000 -ilo1" from rc.d so
that i can examine the packets later.  tcpdump's syntax for dealing
with packets is far superior to ipmon's output and grep.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."