How possible would it be to add the ability to log connection tracking information? Specifically something that did summary logging about individual connections. It would be useful to be able to log, at the conclusion of a connection, src/dst IPs/ports, number of bytes/packets moved, length of time the connection existed, and perhaps if the connection ended in some abnormal manner.
It seems like netfilter would be an excellent place to gather this information and would provide an excellent addition to an integrated intrusion detection system. Plus, you could make pretty statistics and graphs by compiling the log data. :)

How hard would it be to adapt the state module to do this? Comments on whether this would actually be useful?

Thanks,
Alex
