Carlos Barros wrote:

> I'm quite new to firewalling rules...
> 
> My question is: Using Kernel accounting, which are the rules for:
> 
> Log all traffic separated in:
> - traffic going outside the localnet, separated by protocol
> - traffic coming from outside of the localnet, separated by protocol
> 
> So the accounting does not log any packet to the localnet.

First, the accounting rules provide cumulative totals; you can
configure any rules (input, output, forwarding or accounting) to log
matching packets.

Second, you cannot classify packets according to protocol; there is no 
way that the IP layer can know which protocol is used.

You can classify packets according to port number. This sometimes
correlates (e.g. if one of the ports is 25, then it's probably SMTP
etc).

You cannot generally identify FTP data packets, as both port numbers
may be ephemeral. You can typically classify FTP control packets, as
one of the ports will be 21. However, this isn't much use, as most of
the traffic is sent over the data channel rather than the control
channel.

Also, whilst some protocols have a `standard' port number, many can be
run on other ports instead.

-- 
Glynn Clements <[EMAIL PROTECTED]>
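To see Glynn's point in practice, here is an added example that is not part of the original thread: a small Python model of cumulative accounting counters that buckets traffic by direction relative to an assumed localnet (192.0.2.0/24, constructed) and by whichever port is well known, skipping local-to-local packets. The constructed packet records show why an FTP data connection with two ephemeral ports can only land in an "unknown" bucket.

```python
# Added example (not from the original thread): kernel-style accounting
# counters keyed by direction and port, since the IP layer only sees
# addresses and ports, never the application protocol itself.
import ipaddress
from collections import defaultdict

LOCALNET = ipaddress.ip_network("192.0.2.0/24")  # assumed local network (constructed)
WELL_KNOWN = {25: "smtp", 21: "ftp-control", 80: "http"}  # port -> likely service

# Constructed packet records: (src_ip, src_port, dst_ip, dst_port, bytes)
PACKETS = [
    ("192.0.2.10", 40001, "198.51.100.5", 25, 1200),      # outbound, port 25: probably SMTP
    ("198.51.100.5", 25, "192.0.2.10", 40001, 300),       # inbound reply on the same flow
    ("192.0.2.10", 40002, "198.51.100.7", 21, 100),       # outbound FTP control channel
    ("198.51.100.7", 20000, "192.0.2.10", 40003, 50000),  # FTP data: both ports ephemeral
    ("192.0.2.10", 40004, "192.0.2.20", 80, 9000),        # local-to-local: must not be counted
]

def direction(src, dst):
    """Classify a packet relative to LOCALNET; None means local-to-local or transit."""
    s_local = ipaddress.ip_address(src) in LOCALNET
    d_local = ipaddress.ip_address(dst) in LOCALNET
    if s_local and not d_local:
        return "out"
    if d_local and not s_local:
        return "in"
    return None

def service_of(sport, dport):
    """Guess the service from whichever port is well known; 'unknown' if neither is."""
    for port in (sport, dport):
        if port in WELL_KNOWN:
            return WELL_KNOWN[port]
    return "unknown"

def account(packets):
    """Return cumulative {(direction, service): (packet_count, byte_count)} totals."""
    totals = defaultdict(lambda: [0, 0])
    for src, sport, dst, dport, size in packets:
        d = direction(src, dst)
        if d is None:
            continue  # traffic that stays inside the localnet is not accounted
        key = (d, service_of(sport, dport))
        totals[key][0] += 1
        totals[key][1] += size
    return {k: tuple(v) for k, v in totals.items()}

if __name__ == "__main__":
    for (d, svc), (pkts, nbytes) in sorted(account(PACKETS).items()):
        print(f"{d:>3} {svc:<12} {pkts:>3} pkts {nbytes:>6} bytes")
```

The 50000-byte FTP data packet dominates the inbound totals yet is only ever counted as "unknown", which is the practical limit Glynn describes.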