OK.  I've refined (or tried to) my rules a bit.  For a single host, I
have this:

#ACTION CHAIN   SOURCE          DESTINATION     PROTO   DEST            SOURCE          USER/
#                                                       PORT(S)         PORT(S)         GROUP

acc_pc:COUNT -  eth0.1          br-lan:10.75.22.1
acc_pc:COUNT -  br-lan:10.75.22.1 eth0.1
acc_pc:COUNT -  tun0            br-lan:10.75.22.1
acc_pc:COUNT -  br-lan:10.75.22.1 tun0
COUNT   acc_pc  -               -               tcp     143
COUNT   acc_pc  -               -               tcp     22
DONE    acc_pc

so that the overall, per interface traffic per host is accounted for in
the accounting chain and a drill down of selected protocols is done in a
separate chain per host.  (Yes, I know I need reciprocal rules for the
port 22,143 rules.)

The above rules result in a strange artifact though.  Witness:

Chain acc_pc (4 references)
 pkts bytes target     prot opt in     out     source               destination
 3859 2993K            all  --  eth0.1 br-lan  0.0.0.0/0            10.75.22.1
 3242  234K            all  --  br-lan eth0.1  10.75.22.1           0.0.0.0/0
  199 28609            all  --  tun0   br-lan  0.0.0.0/0            10.75.22.1
  213 27023            all  --  br-lan tun0    10.75.22.1           0.0.0.0/0
 1837  127K            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
 7513 3283K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain accounting (3 references)
 pkts bytes target     prot opt in     out     source               destination
 3859 2993K acc_pc     all  --  eth0.1 br-lan  0.0.0.0/0            10.75.22.1
 3242  234K acc_pc     all  --  br-lan eth0.1  10.75.22.1           0.0.0.0/0
  199 28609 acc_pc     all  --  tun0   br-lan  0.0.0.0/0            10.75.22.1
  213 27023 acc_pc     all  --  br-lan tun0    10.75.22.1           0.0.0.0/0
...
12124 2253K RETURN     all  --  *      eth0.1  0.0.0.0/0            0.0.0.0/0
14236   13M RETURN     all  --  eth0.1 *       0.0.0.0/0            0.0.0.0/0

Why are the interface rules being added to both the accounting chain and
the acc_pc chain?  The former is obvious, but the latter?

Again, this is shorewall 4.2.8.

b.
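An added example, not part of the post and not Shorewall's or iptables' own code: a small Python parser for the `iptables -nvL` listing quoted above that expands the rounded K/M counters, pulls out the per-interface COUNT lines, and checks that their packet sum equals the chain's RETURN counter, which is what confirms that each packet passing through acc_pc is counted once per interface pair. Its sample input is the acc_pc chain from the post with the wrapped match columns re-joined; byte totals only agree to the nearest K because `-v` without `-x` rounds them.

```python
import re
# Constructed sample: the acc_pc chain from `iptables -nvL` as quoted in the post
# above, with each wrapped match clause re-joined onto its rule line.
ACC_PC = """\
Chain acc_pc (4 references)
 pkts bytes target     prot opt in     out     source               destination
 3859 2993K            all  --  eth0.1 br-lan  0.0.0.0/0            10.75.22.1
 3242  234K            all  --  br-lan eth0.1  10.75.22.1           0.0.0.0/0
  199 28609            all  --  tun0   br-lan  0.0.0.0/0            10.75.22.1
  213 27023            all  --  br-lan tun0    10.75.22.1           0.0.0.0/0
 1837  127K            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
 7513 3283K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}   # iptables -v rounds to these
OPT_RE = re.compile(r"^[-!][-f]$")                # the 'opt' column: --, -f, !f

def to_int(tok):
    # Expand the rounded K/M/G suffixes printed without -x (exact only to 1K/1M).
    return int(tok[:-1]) * SUFFIX[tok[-1]] if tok[-1] in SUFFIX else int(tok)

def parse_chain(text):
    # Return (chain name, rule dicts) from one chain of an `iptables -nvL` listing.
    lines = text.strip().splitlines()
    rules = []
    for line in lines[2:]:                        # skip 'Chain ...' and header
        tok = line.split()
        opt = next(i for i, t in enumerate(tok) if OPT_RE.match(t))
        # target is blank for plain COUNT rules, so 'prot' is then tok[2]
        rules.append({"pkts": to_int(tok[0]), "bytes": to_int(tok[1]),
                      "target": tok[2] if opt == 4 else "", "prot": tok[opt - 1],
                      "in": tok[opt + 1], "out": tok[opt + 2],
                      "src": tok[opt + 3], "dst": tok[opt + 4],
                      "match": " ".join(tok[opt + 5:])})
    return lines[0].split()[1], rules

def interface_totals(rules):
    # (in, out) -> (pkts, bytes) for the unconditional per-interface COUNT rules.
    return {(r["in"], r["out"]): (r["pkts"], r["bytes"]) for r in rules
            if not r["target"] and r["prot"] == "all" and not r["match"]
            and (r["in"], r["out"]) != ("*", "*")}

def passthrough_check(rules):
    # Sum of the interface rules vs. the chain's RETURN counter; equal means every
    # packet that entered the chain was counted by exactly one interface rule.
    counted = sum(p for p, _ in interface_totals(rules).values())
    returned = next(r["pkts"] for r in rules if r["target"] == "RETURN")
    return counted, returned
```

Pointing `parse_chain` at the accounting chain instead shows the same four interface counters feeding acc_pc, so the per-host totals can be cross-checked between the two chains.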
