Shorewall Guy wrote:
>
> The Shorewall accounting file does not provide a way to add rules to
> arbitrary chains. And, as you've discovered, Shorewall-shell (or
> possibly an ancient version of Shorewall) isn't particularly friendly
> about reminding you of the fact.
>
> If you want to add a dummy counting rule to the front of the Drop chain,
> add this to your /etc/shorewall/start file:
>
> run_iptables -I Drop

In Shorewall-perl 4.2.6, we will support a COUNT action. This action may
be used in action bodies, macro bodies and in the rules file. COUNT
creates a rule with no target so it simply counts the packets that match
the rule.

Note that placing a no-target rule at the front of the Drop chain will
only count packets dropped *by DROP policies*; packets dropped by DROP
rules will not be counted. Nevertheless, it seemed like what you were
trying to count was generally useful enough that I've added COUNT rules
to the top of both action.Drop and action.Reject. These rules will be
simply ignored by the Shorewall-shell compiler.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
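
Reading the counter of a no-target rule such as the one discussed in this thread, as an added example that is not part of the original mail or of Shorewall itself. The function names `count_only_rules` and `sample_ruleset`, and the ruleset text, are constructed for illustration; the input format is that of `iptables-save -c`.

```shell
#!/bin/sh
# Sum the counters of target-less ("count only") rules in one chain,
# reading `iptables-save -c` text on stdin. Prints "packets bytes".
count_only_rules() {
    awk -v chain="$1" '
        # Counted rule lines look like: [pkts:bytes] -A <chain> <matches> [-j target]
        $2 == "-A" && $3 == chain {
            has_target = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "-j" || $i == "-g") { has_target = 1 }
            }
            if (has_target) { next }
            # Strip the surrounding brackets, then split "pkts:bytes".
            split(substr($1, 2, length($1) - 2), c, ":")
            pkts += c[1]; bytes += c[2]
        }
        END { printf "%d %d\n", pkts, bytes }
    '
}

# Constructed sample in `iptables-save -c` format (not captured from a real host).
# 57 packets enter net2fw: 12 are dropped by an explicit DROP rule and never
# reach the Drop chain; the remaining 45 fall through to the policy and do.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:Drop - [0:0]
:net2fw - [0:0]
[57:3420] -A INPUT -i eth0 -j net2fw
[12:720] -A net2fw -p tcp -m tcp --dport 23 -j DROP
[45:2700] -A net2fw -j Drop
[42:2520] -A net2fw -j DROP
[45:2700] -A Drop
[3:180] -A Drop -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# On a live firewall (root required): iptables-save -c | count_only_rules Drop
sample_ruleset | count_only_rules Drop
```

The 12 packets matched by the explicit DROP rule are absent from the result, which is the policy-versus-rule distinction made in the reply above.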
