I've uploaded Beta 6 for testing. Problem Corrected update:
1) Previously, NFACCT accounting rules generated iptables rules with
the matches in the incorrect order. That caused the counters to be
incremented before all of the matches had been checked. Now, the
counter in an NFACCT rule is incremented only if all of the other
matches have been successful.
To allow a nfobject to be incremented unconditionally, you may
follow the closing parenthesis with '!' (e.g., NFACCT(all)!). When
'!' is omitted, the object is incremented only if all of the rule's
matches succeed.
"!" is useful in the following rule:
NFACCT(all) - +fooset[src] +barset[dst](foobar)
In this rule, the 'all' nfacc counter is incremented
unconditionally while the foobar counter is only incremented if
the packet SOURCE address is in fooset and the DEST address is in
barset.
New Features:
1) The INLINE action is also supported in the accounting file. INLINE
is treated the same as COUNT with the exception that the freeform
iptables input following the ';' is appended to any matches
generated by the column contents. In the accounting file, INLINE
does not accept a parameter.
This change will cause the order of matches in iptables rules to be
different from in previously releases. Please report any
differences that you find that are not simple match reorderings.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
