Tom Eastep wrote:
> Tom Eastep wrote:
>> Joshua Perry wrote:
>>> I'm happy to use something else, but most netflow projects that I've
>>> found out there are even older, from around 2005... If someone knows of
>>> a netflow exporter that is more recent/better supported I'd be happy to
>>> play with it. I really need to know what kind of traffic is going
>>> through my firewall and there are a lot of professional tools that will
>>> receive the netflow and tell me what is going on.
>>>
>> If you just want to insert a couple of rules, you might consider doing
>> so in the /etc/shorewall/start script:
>>
>>      run_iptables -I <chain> <ordinal> ... -j NETFLOW
>>
> 
> Another approach is to apply the attached patch (it will apply with an
> offset to Shorewall 4.4.0-4.4.1 and to recent 4.2 Shorewall-perl releases):
> 
> 4.2.*:
> 
>   patch /usr/share/shorewall-perl/Shorewall/Chains.pm < accounting.diff
> 
> 4.4.*:
> 
>   patch /usr/share/shorewall/Shorewall/Chains.pm < accounting.diff
> 
> Then place the following in /etc/shorewall/netflow:
> 
>       use Shorewall::Chains;
>       add_rule $chainref, '-j NETFLOW';
>       return 1;
> 
> Now, any traffic sent to the 'netflow' accounting chain will be sent to
> the NETFLOW target (which is what you were trying to do in the first place).
> 
> The patch will be included in Shorewall 4.4.2.

The issue with that patch can be resolved by applying the attached patch
on top of it.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 8674d94..40d6330 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -949,17 +949,19 @@ sub ensure_accounting_chain( $  )
 	$chainref->{accounting} = 1;
 	$chainref->{referenced} = 1;
 
-	my $file = find_file $chain;
+	if ( $chain ne 'accounting' ) {
+	    my $file = find_file $chain;
 
-	if ( -f $file ) {
-	    progress_message "Processing $file...";
+	    if ( -f $file ) {
+		progress_message "Processing $file...";
 
-	    my ( $level, $tag ) = ( '', '' );
+		my ( $level, $tag ) = ( '', '' );
 
-	    unless ( my $return = eval `cat $file` ) {
-		fatal_error "Couldn't parse $file: $@" if $@;
-		fatal_error "Couldn't do $file: $!"    unless defined $return;
-		fatal_error "Couldn't run $file"       unless $return;
+		unless ( my $return = eval `cat $file` ) {
+		    fatal_error "Couldn't parse $file: $@" if $@;
+		    fatal_error "Couldn't do $file: $!"    unless defined $return;
+		    fatal_error "Couldn't run $file"       unless $return;
+		}
 	    }
 	}
     }
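
Review bot: The new `if ( $chain ne 'accounting' )` test that opens the added block carries no comment saying why the chain named 'accounting' is exempt from the `find_file` lookup, so a later reader cannot tell that the exemption is deliberate. Add a one-line comment with the reason (presumably that a file found under that name is not a Perl extension script; the hunk itself does not say). Separately, the re-indented ``eval `cat $file` `` line still passes `$file` through a shell unquoted, so a path containing whitespace or shell metacharacters is split or interpreted by the shell before Perl evaluates anything. Since these lines are being touched anyway, consider reading the file from Perl directly (open it, slurp the contents, then eval the string) so that no shell is involved.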

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users