Hello
On Sun, Sep 11, 2005 at 02:09:36PM -0300, Carlos Carvalho wrote:
>
> The file /etc/flow-tools/cfg/filter.cfg supplied with the package
> contain filter definitions with variable binding such as:
>
> filter-primitive VAR_ADDR
> type ip-address
> permit @{ADDR:-0.0.0.0}
>
> and
>
> filter-definition ip-dst-addr
> match ip-destination-address VAR_ADDR
>
> They don't work because the primitive is named VAR_ADDR but the permit
> line uses only ADDR.
>
>
I am pretty sure you haven't followed the examples correctly.
This is an example of a proper use of nfilter with ip-src-addr (or
ip-dst-addr same thing)
$flow-cat ft-v05.2005-09-01.05* | flow-nfilter -f
/etc/flow-tools/cfg/filter.cfg -F ip-src-addr -v ADDR=193.231.32.85 |
flow-print
(carefull about the wrapping)
As you can see you do not expand VAR_ADDR but ADDR. VAR_ADDR is the
primitive name.
> Finally, the "-" after the ":" in the default specification is
> necessary to avoid a syntax error but it's not mentioned in the man
> page.
>
This is true. I will report it upstream, maybe make a patch for debian
manpage until a new version is released.
> I made everything work in my installation by removing the VAR_ prefix
> of the variable bindings but this might be considered fixing the
> symptom and not the cause.
You don't have to do this.
Radu
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
