So, at the end of my long list of (old-style) accounting rules I have a "catch-all":
acc_unknown - $CGCOIF br-lan:0.0.0.0/0
acc_unknown - br-lan:0.0.0.0/0 $CGCOIF
DONE - - br-lan:0.0.0.0/0
DONE - br-lan:0.0.0.0/0
COUNT acc_unknown $CGCOIF br-lan
COUNT acc_unknown br-lan $CGCOIF
meant to account for anything that didn't get accounted for above it.
The accounting rule above that are all working just fine, however this
catch-all doesn't seem to get anything in it as you can see:
Chain acc_unknown (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- eth1 br-lan 0.0.0.0/0 0.0.0.0/0
0 0 all -- br-lan eth1 0.0.0.0/0 0.0.0.0/0
Chain accounting (3 references)
pkts bytes target prot opt in out source destination
...
0 0 acc_unknown all -- eth1 br-lan 0.0.0.0/0 0.0.0.0/0
0 0 acc_unknown all -- br-lan eth1 0.0.0.0/0 0.0.0.0/0
11988 941K RETURN all -- * br-lan 0.0.0.0/0 0.0.0.0/0
786 36304 RETURN all -- br-lan * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- eth1 * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:acct:DROP:'
0 0 LOG all -- * eth1 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 4 prefix `Shorewall:acct:DROP:'
Am I doing something wrong?
Cheers,
b.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
