On Fri, Mar 30, 2007 at 09:26:28AM -0700, Tom Eastep wrote: > Asim Ahmed Khan wrote: > > Hi, > > > > I am using shorewall 3.0.5 on Fedora Core 4. Is that possible that i > > can capture / monitor traffic usage (internet usage) from any particular > > IP and if required i can block his traffic based on condition ? any help > > greatly appriciated. > > From http://www.shorewall.net/Introduction.html: > > Shorewall is not a daemon. Once Shorewall has configured Netfilter, > it's job is complete and there is no ?Shorewall process? left > running in your system. > > It follows that Shorewall itself cannot monitor anything. > > If you have an external application that monitors traffic and decides that > it wants to block traffic from a particular address, it can do so by using > the "shorewall drop" or "shorewall reject" commands.
Although if you're just blocking an IP address entirely, and you're doing a lot of them (few hundred or more), it's far more efficient to use a null route (netfilter itself is quite slow compared to the routing table). ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
