On Wed, 2011-09-14 at 12:01 -0800, Travis Veazey wrote:
> I have the following in /etc/shorewall/accounting:
>
> #"Red" interface traffic
> red:COUNT - eth1 -
> red:COUNT - - eth1
> DONE red
>
> The goal is to be tallying all traffic that hits my "red" (i.e.
> external) interface, whether Shorewall ends up dropping, rejecting, or
> accepting it. However, this seems to only be counting traffic that is
> actually accepted (including traffic that is forwarded through the
> firewall, both directions, obviously).
>
> Is there some modification I can make to this set of rules to track
> all traffic that reaches the interface? Or, maybe more ideally, is
> there a way to write accounting rules that include only dropped or
> rejected traffic? Or am I just flat wrong and this actually IS doing
> what I want it to already?
>

Accounting occurs before any filtering rules are processed. As a result, it accounts for all packets, whether actually passed or not.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
