[Honeywall] Roo 1.2 connections and events (compared to 1.1)

Rob McMillen rvmcmil at gmail.com
Fri Jun 29 09:32:12 EDT 2007


KostyaK,

> I must see connections and events from "intruder" regardless of BPF?

Yes, as long as they are to or from the ip addresses in the
HwHPOT_PUBLIC_IP variable.

> Sorry, I now revert to 1.1. I'll try to install 1.2 and run ps...
> In 1.1 I see connections from honeypots, to honeypots from "intruder"
> and from local subnet IPs which is not listed in "IP Address(es) of your
> honeypots" fields in Whalley.

This is what the BPF filter fixes.  It enables the honeywall to only
capture traffic to or from the honeypots.

Rob


More information about the Honeywall mailing list