On 02/02/2013 05:59 PM, Mr Dash Four wrote: > Are ipsets implemented in "accounting"? According to the man page > that isn't the case. If so, would it be possible for this to be > added?
ipsets are already supported. > > Also, currently only interface-based accounting is possible. Was > there any reason for doing this instead of using zones as is the case > everywhere else? Zones are security-oriented objects. So for uses which don't deal with traffic authorization, zones aren't supported. Plus the cost of adding zone support to one of the files is high. Is it possible for zones to be introduced in "accounting"? Possible, but I really don't want to do it. > > One last query regarding this: provided I use > ACCOUNTING_TABLE=mangle, the way I understand it I could use either > PREROUTING, INPUT, OUTPUT, FORWARD and POSTROUTING sections (with no > chain specified) or no sections and the chain specified as one of > accountin, accountout, accountfwd, accountpre and accountpost, but I > cannot mix-and-match (in other words, use accountpost chain in > PREROUTING section) is that correct? No. When the file is sectioned, the default chain (when '-' appears in the CHAIN column) are accountin, accountout, ....; but you can still specify them explicitly if you choose. I don't recommend an un-sectioned accounting file. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
