Hmmm, You are not wrong, it seems You are totally right.
At least I can not see x.x.x.38 in flow after changing OR to AND
during last 10 mins.
Thanks a lot.
--
Bests,
Karen
Joe Loiacono wrote:
[EMAIL PROTECTED] wrote on 01/21/2008 05:31:07 AM:
> Hi Everybody,
>
> Sorry if the question is repleted but really I need a help, thanks.
>
> Problem is that I want to filter traffic from and to some host.
>
> The filter configuration is looking like:
>
> cat /etc/flow-tools/cfg/filter.cfg
>
> filter-primitive myhost
> type ip-address
> deny x.x.x.38
> default permit
>
> filter-definition drop_myhost
> match ip-source-address myhost
> or
> match ip-destination-address myhost
I think you want an *AND*. The above filter will pass a flow if either
condition is true. In each of the cases listed below, the second match
(ip-destination-address) is met successfully. If you AND them, then it
will permit only those flows where both cases are true - i.e., only
those flows where x.x.x.38 does not appear as source or destination.
I could be wrong :-)
Joe
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
