Anyone? To rephrase the question - I need to maintain a separate iptables rule which has to match (and nf_log) ALL traffic. How to best maintain such an additional iptables line to exist past restarts, etc? (probably externally, but how?)
Alternatively phrased question - how difficult would it be to support NFLOG accounting in the accounting table?

Thanks

Ed W

On 15/05/2011 10:36, Ed W wrote:
> Hi, I need to accurately account for all traffic through several
> interfaces on a box running Shorewall. I will be using NFLOG with a
> custom logger because I actually need to log traffic "per user" also
> (and so there is also a captive portal type arrangement tagging packets
> with an fwmark.)
>
> I guess I just need a simple rule at the head of the INPUT and OUTPUT
> chains to grab this logging - however, what is the best way to manage
> this rule and make sure it's there whenever shorewall is restarted, etc?
>
> (Basically I don't want to have to ensure every single entry in "rules"
> has a correct log entry against it. I require to log every single
> packet in/out)
>
> Thanks for any thoughts
>
> Ed W

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
