Tom Eastep wrote:
> Joshua Perry wrote:
>> I'm happy to use something else, but most netflow projects that I've
>> found out there are even older, from around 2005... If someone knows of
>> a netflow exporter that is more recent/better supported I'd be happy to
>> play with it. I really need to know what kind of traffic is going
>> through my firewall and there are a lot of professional tools that will
>> receive the netflow and tell me what is going on.
>>
> 
> If you just want to insert a couple of rules, you might consider doing
> so in the /etc/shorewall/start script:
> 
>       run_iptables -I <chain> <ordinal> ... -j NETFLOW
> 

Another approach is to apply the attached patch (it will apply with an
offset to Shorewall 4.4.0-4.4.1 and to recent 4.2 Shorewall-perl releases):

4.2.*:

  patch /usr/share/shorewall-perl/Shorewall/Chains.pm < accounting.diff

4.4.*:

  patch /usr/share/shorewall/Shorewall/Chains.pm < accounting.diff

Then place the following in /etc/shorewall/netflow:

        use Shorewall::Chains;
        add_rule $chainref, '-j NETFLOW';
        return 1;

Now, any traffic sent to the 'netflow' accounting chain will be sent to
the NETFLOW target (which is what you were trying to do in the first place).

The patch will be included in Shorewall 4.4.2.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 685317e..8d9a97a 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -948,6 +948,20 @@ sub ensure_accounting_chain( $  )
 	$chainref = new_chain 'filter' , $chain unless $chainref;
 	$chainref->{accounting} = 1;
 	$chainref->{referenced} = 1;
+
+	my $file = find_file $chain;
+
+	if ( -f $file ) {
+	    progress_message "Processing $file...";
+
+	    my ( $level, $tag ) = ( '', '' );
+
+	    unless ( my $return = eval `cat $file` ) {
+		fatal_error "Couldn't parse $file: $@" if $@;
+		fatal_error "Couldn't do $file: $!"    unless defined $return;
+		fatal_error "Couldn't run $file"       unless $return;
+	    }
+	}
     }
 
     $chainref;
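Review bot: the new `unless ( my $return = eval \`cat $file\` )` line spawns a shell and interpolates the chain name into that command unquoted, so a chain name containing shell metacharacters changes what the shell runs; Perl's `do $file` reads and evaluates the file with no shell involved and is the idiom the three error messages ("Couldn't parse", "Couldn't do", "Couldn't run") are modelled on, so the test can simply be `unless ( my $return = do $file ) {`. Two smaller points in the same hunk: the only guard before the file is executed as Perl with the compiler's privileges is `-f $file`, so the commit message or a comment should state that the hook file under /etc/shorewall must be root-owned and not group/world-writable; and `my ( $level, $tag ) = ( '', '' );` is declared but never used in the hunk, so either document that these are set up for the hook script to reference or drop the line.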

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users