On Wed, Sep 14, 2011 at 12:37 PM, Tom Eastep <[email protected]> wrote:
> On Wed, 2011-09-14 at 12:01 -0800, Travis Veazey wrote:
>> I have the following in /etc/shorewall/accounting:
>>
>> #"Red" interface traffic
>> red:COUNT - eth1 -
>> red:COUNT - - eth1
>> DONE red
>>
>> The goal is to be tallying all traffic that hits my "red" (i.e. external) interface, whether Shorewall ends up dropping, rejecting, or accepting it. However, this seems to only be counting traffic that is actually accepted (including traffic that is forwarded through the firewall, both directions, obviously).
>>
>> Is there some modification I can make to this set of rules to track all traffic that reaches the interface? Or, maybe more ideally, is there a way to write accounting rules that include only dropped or rejected traffic? Or am I just flat wrong and this actually IS doing what I want it to already?
>>
>
> Accounting occurs before any filtering rules are processed. As a result, it accounts for all packets, whether actually passed or not.
>
> -Tom
Ha! Well, doesn't that just make things so very easy?

And just to clarify, this does not apply -- at least not in the same way -- to accounting rules that look at packets which e.g. enter on eth0 and leave on eth1, right? For example, the rule:

traffic:COUNT - eth1 eth0

would only count packets that actually get routed through (i.e. get accepted and routed), and would not count packets that hit eth1 but are then dropped or rejected, right?
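As an added example (not code from the thread or from Shorewall itself), a small Python parser for the counter listing that `shorewall show accounting` prints for the "red" chain above, in `iptables -L -v -x -n` layout. The sample listing and its counters are constructed; the point it handles is that a COUNT rule has no `-j` target, so its target column is blank and a naive whitespace split yields one field fewer than the `DONE` (RETURN) row.

```python
import re

# Constructed sample in the layout of `iptables -t filter -L red -v -x -n`,
# which is what `shorewall show accounting` displays for the "red" chain.
# Counters are made up. Rows: "red:COUNT - eth1 -", "red:COUNT - - eth1", "DONE red".
SAMPLE = """\
Chain red (2 references)
    pkts      bytes target     prot opt in     out     source               destination
   48210   31882944            all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
   39977   12004561            all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
   88187   43887505 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""


def parse_chain(text):
    """Return (chain_name, rows); each row has pkts, bytes, target, in, out.

    A Shorewall COUNT rule is an iptables rule with no target, so its target
    column is empty and splitting the line yields 8 fields instead of 9.
    """
    lines = text.splitlines()
    name = re.match(r"Chain (\S+)", lines[0]).group(1)
    rows = []
    for line in lines[2:]:            # skip "Chain ..." and the column header
        fields = line.split()
        if not fields:
            continue
        if len(fields) == 8:          # blank target column: a COUNT rule
            fields.insert(2, "")
        pkts, byts, target, _prot, _opt, iface_in, iface_out = fields[:7]
        rows.append({"pkts": int(pkts), "bytes": int(byts), "target": target,
                     "in": iface_in, "out": iface_out})
    return name, rows


def interface_totals(rows, iface):
    """Bytes tallied by the COUNT rules on iface, as (inbound, outbound)."""
    count_rows = [r for r in rows if r["target"] == ""]
    inbound = sum(r["bytes"] for r in count_rows if r["in"] == iface)
    outbound = sum(r["bytes"] for r in count_rows if r["out"] == iface)
    return inbound, outbound


if __name__ == "__main__":
    chain, rows = parse_chain(SAMPLE)
    print(chain, interface_totals(rows, "eth1"))
```

Because accounting runs before filtering, the inbound figure includes packets that the filter rules later drop or reject; to isolate those you would have to subtract the bytes counted by the ACCEPT rules, which this listing alone does not give you.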
