[Honeywall] Roo 1.2 connections and events (compared to 1.1)
rvmcmil at gmail.com
Fri Jun 29 09:32:12 EDT 2007
> I must see connections and events from "intruder" regardless of BPF?
Yes, as long as they are to or from the ip addresses in the
> Sorry, I now revert to 1.1. I'll try to install 1.2 and run ps...
> In 1.1 I see connections from honeypots, to honeypots from "intruder"
> and from local subnet IPs which is not listed in "IP Address(es) of your
> honeypots" fields in Whalley.
This is what the BPF filter fixes. It enables the honeywall to only
capture traffic to or from the honeypots.
More information about the Honeywall