On 17/05/2011 21:18, Tom Eastep wrote:
> On 05/17/2011 02:27 AM, Ed W wrote:
>
>> I accept your reply that it's not straightforward for now!
>
> As I stated, to do as you suggest (COUNT:NFLOG... or DONE:...) would be
> considerable work. To simply add an NFLOG 'ACTION' to the accounting
> file is trivial. The attached patch does it.
>
> NFLOG[(...)] chain source ...
>
> This will be in 4.4.20 along with the ability to add your accounting
> rules in the mangle table rather than the filter table. The latter will
> allow accounting rules in PREROUTING and POSTROUTING.

Thanks Tom,

I need to study this, but it looks exactly spot on?

My goal is simply to get a simple entry that logs every single packet that goes in/out of the internet route.

I think the limitations you list are pretty much as expected because NFLOG is really intended for more coarse logging and you can rely on your log daemon to help with aggregation and filtering. I don't particularly expect to filter the input to nflog, although perhaps some folks might use some very coarse filtering (interface, protocol)?

In fact I think it's more the reverse - if you are NFLOGing then probably you are trying to centralise some fairly coarse-grained logging. If you want to trace very specific packets, then probably adding the entry to the rule table makes more sense?

Still learning my way around Shorewall, so might be completely missing the point.

Many thanks

Ed W

P.S. Just checking that this can't be done through the rules table - the docs suggest that it's not possible to have a "log" only rule there, i.e. something which matches but doesn't influence packet destination or stop the flow of processing?

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
