Hi, I use for such purpose ipfm (http://freshmeat.net/projects/ipfm/?topic_id=862). It writes one file as output and you can see there IP,input bytes,output bytes,total for a given period of time (sorted as you wish). Such output is easy to load to mysql (or other DB), or, if there is not many records, you can create ipchains rules direct by parsing raw file. If you need traffic per service (I mean if there is a lot of different traffic and you need only http) ipfm can not help you.
Another way is to use ipchains counters. But then you need a rule for every IP. Regards, Martynas On Thu, 2002-12-12 at 17:08, Marco Antonio wrote: > Hi all, > > Here we have a debian firewall with 3 interfaces (in, out & dmz) running > ipchains. > > Now we are facing a problem: some people are making 'automated searches' on > our www server -an ugly IIS5 :), and we intend to block this kind of search. > I was thinking about blocking it on the firewall, this way: regularly I would > collect some stats about the traffic, and if some client IP reaches a > 'limit', I would re-run the firewall script and block that IP. > > Well, here goes my ask for help: can anybody give me some simple clues on how > to collect those stats? I really don't know a lot about ipchains, but can it > do the job? How? Or will I need another package like ipac or something? > What I really need is something like a file with three fields, "Client IP, > Time elapsed, Number of bytes" that I can process. > I tried ipac, but it seemed so difficult to me to use it... > > Thanks in advance. > > -- > __________________________________________________________ > Sign-up for your own FREE Personalized E-mail at Mail.com > http://www.mail.com/?sr=signup > > One click access to the Top Search Engines > http://www.exactsearchbar.com/mailcom > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
