[Honeywall] Roo 1.2 connections and events (compared to 1.1)

Rob McMillen rvmcmil at gmail.com
Fri Jun 29 09:32:12 EDT 2007


> I must see connections and events from "intruder" regardless of BPF?

Yes, as long as they are to or from the IP addresses in the
HwHPOT_PUBLIC_IP variable.

> Sorry, I now revert to 1.1. I'll try to install 1.2 and run ps...
> In 1.1 I see connections from honeypots, to honeypots from "intruder"
> and from local subnet IPs which are not listed in the "IP Address(es) of your
> honeypots" fields in Walleye.

This is what the BPF filter fixes.  It enables the honeywall to only
capture traffic to or from the honeypots.

