Configuration Reference - trapping
blacklist (text)
detection (toggle)
Default: disabled
Options: enabled|disabled
Enables Snort-based worm detection. If you don't have a SPAN interface available, don't bother enabling it. If you do,
you'll most definitely want this on.
immediate (toggle)
Default: disabled
Options: enabled|disabled
Enable this if you want to see lots of "IP conflict" boxes on Windows systems! On detection of a violation, a spoofed GARP
(gratuitous ARP) is sent to the offending system. This causes it to think another system is using its IP address and, under
Windows 2000, causes it to disable its IP stack. When the user manages to get the system back on the wire (ipconfig
/release, reboot, etc.) he/she will be assigned an address from the isolation scope.
passthrough (toggle)
Default: iptables
Options: iptables|proxy
Method by which content is delivered to trapped systems. When set to "proxy", PacketFence uses Apache's reverse proxy
functionality and the mod_proxy_html module to rewrite links. Note that links to external servers will not be properly
rewritten. When set to "iptables", PacketFence creates passthroughs to the content only for those nodes trapped with the
corresponding violation. Be aware that an iptables passthrough is based on IP address, so trapped clients will be able to
reach ALL content on the destination site, not just the page the violation points to.
range (text)
Default: 192.168.0.0/24
Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and
broadcast addresses are ignored.
redirecturl (text)
Default: http://www.packetfence.org
Default URL to redirect to on registration/mitigation release. This is only used if a per-violation redirecturl is not
defined.
redirlocal (toggle)
Default: disabled
Options: enabled|disabled
Typically best to leave this disabled unless you are having problems and understand why you need this.
redirtimer (time)
Default: 10s
How long to display the progress bar during trap release. Setting it to a value of 5 or higher is recommended
when in passive mode. Doing so allows the client time to receive and process the redirection ARP sent by PacketFence.
registration (toggle)
Default: disabled
Options: enabled|disabled
If enabled, nodes will be required to register on first network access. Further registration options are configured in the
registration section.
testing (toggle)
Default: enabled
Options: enabled|disabled
Disables the sending of ARPs. Note that this has implications for node detection and timeouts.
whitelist (text)
Default:
Comma-delimited list of MAC addresses that are immune to registration/trapping and are always allowed to pass. Useful for
monitored switches, etc.
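The `range` and `whitelist` options above are both comma-delimited lists, and the reference states which addresses in a range are never acted on (network, broadcast and gateway). The following parser is an added example, not PacketFence code: it reads a constructed `[trapping]` section, expands each range into the set of addresses PacketFence would actually monitor, normalises the whitelisted MAC addresses, and answers whether a given (IP, MAC) pair is inside the trappable scope. Assumptions: the section is INI-style (`[trapping]` with `key=value` lines), and the gateway of each range is supplied by the caller, since the page says gateways are ignored but not how they are discovered.

```python
"""Parse a PacketFence-style [trapping] section and decide which
(ip, mac) pairs fall inside the monitored/trappable scope.

Added example, not PacketFence's own code. Assumptions (labelled):
  * the section is INI-style (`[trapping]` with key=value lines);
  * the gateway of each range is passed in by the caller.
"""
import configparser
import ipaddress
import re
from typing import Dict, List, Optional, Set

# Constructed sample configuration fragment (not from a real deployment).
SAMPLE_CONF = """
[trapping]
detection=enabled
range=192.168.0.0/24, 10.10.5.0/30
whitelist=00:11:22:33:44:55, AA-BB-CC-DD-EE-FF
passthrough=iptables
"""


def parse_list(value: str) -> List[str]:
    """Split a comma-delimited option value, dropping blank items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def normalize_mac(mac: str) -> str:
    """Return a MAC in lower-case colon-separated form, or raise ValueError.
    Accepts ':', '-' and '.' separators so whitelist entries compare reliably."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_ranges(value: str) -> List[ipaddress.IPv4Network]:
    """Parse the comma-delimited list of ranges/CIDR blocks (IPv4 only)."""
    nets = []
    for item in parse_list(value):
        net = ipaddress.ip_network(item, strict=False)
        if not isinstance(net, ipaddress.IPv4Network):
            raise ValueError(f"only IPv4 ranges are supported: {item!r}")
        nets.append(net)
    return nets


def monitored_hosts(net: ipaddress.IPv4Network, gateway: Optional[str] = None) -> Set[str]:
    """Addresses PacketFence would act on in `net`: network and broadcast are
    excluded (hosts() does that for /30 and larger), and the gateway too when
    the caller supplies it (assumption: gateway discovery is external)."""
    hosts = {str(h) for h in net.hosts()}
    if gateway is not None:
        hosts.discard(str(ipaddress.ip_address(gateway)))
    return hosts


class TrappingConfig:
    """Parsed view of the [trapping] section relevant to scope decisions."""

    def __init__(self, text: str, gateways: Optional[Dict[str, str]] = None):
        cp = configparser.ConfigParser()
        cp.read_string(text)
        sec = cp["trapping"]
        # Defaults mirror the reference: detection disabled, iptables passthrough,
        # range 192.168.0.0/24, empty whitelist.
        self.detection = sec.get("detection", "disabled") == "enabled"
        self.passthrough = sec.get("passthrough", "iptables")
        self.ranges = parse_ranges(sec.get("range", "192.168.0.0/24"))
        self.whitelist = {normalize_mac(m) for m in parse_list(sec.get("whitelist", ""))}
        gateways = gateways or {}
        self.scope: Set[str] = set()
        for net in self.ranges:
            self.scope |= monitored_hosts(net, gateways.get(str(net)))

    def is_trappable(self, ip: str, mac: str) -> bool:
        """Whitelisted MACs always pass; otherwise the IP must be in scope."""
        if normalize_mac(mac) in self.whitelist:
            return False
        return str(ipaddress.ip_address(ip)) in self.scope


if __name__ == "__main__":
    cfg = TrappingConfig(SAMPLE_CONF, gateways={"192.168.0.0/24": "192.168.0.1"})
    print("detection enabled:", cfg.detection)
    print("monitored addresses:", len(cfg.scope))
    print("192.168.0.50 / whitelisted MAC trappable:",
          cfg.is_trappable("192.168.0.50", "00-11-22-33-44-55"))
    print("192.168.0.50 / unknown MAC trappable:",
          cfg.is_trappable("192.168.0.50", "00:11:22:33:44:56"))
```

Running the module prints the size of the monitored scope (253 addresses from the /24 after removing network, broadcast and gateway, plus the two usable addresses of the /30) and shows that a whitelisted MAC is exempt regardless of the separator style it was written with. The same `is_trappable` check is where a deployment would want to confirm that core infrastructure (the "monitored switches" the reference mentions) is actually covered by `whitelist` before enabling `detection`.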