On May 16, 2011, at 10:51 AM, Ed W wrote:

> Anyone?
>
> To rephrase the question - I need to maintain a separate iptables rule
> which has to match (and nf_log) ALL traffic. How to best maintain such
> an additional iptables line to exist past restarts, etc? (probably
> externally, but how?)

No single rule can do what you want because there is no single chain through which all traffic flows so you need more than one. But you can add them in the 'start' extension script.

> Alternatively phrased question - how difficult would it be to support
> NFLOG accounting in the accounting table?

It's not difficult but I'm not sure I want to try to support such a feature.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
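One way to write the per-chain rules the reply describes for the 'start' extension script, as an added example that is not part of the original thread or of Shorewall itself. The function names, the NFLOG group number 5 and the choice of the three built-in filter chains are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: body for Shorewall's 'start' extension script.
# Assumptions (not from the thread): NFLOG group 5, helper names below,
# and an iptables new enough to support -C (check), i.e. 1.4.11 or later.

IPT="${IPT:-iptables}"            # overridable so the logic can be dry-run
NFLOG_GROUP="${NFLOG_GROUP:-5}"   # constructed value; match your ulogd/nflog reader

# No single chain sees all traffic, so cover the three built-in filter
# chains. Every packet crosses at least one of them; loopback traffic
# crosses OUTPUT and then INPUT, so it is logged twice.
NFLOG_CHAINS="INPUT FORWARD OUTPUT"

# ensure_nflog CHAIN
# Insert the NFLOG rule at position 1 (ahead of any ACCEPT/DROP verdict)
# unless an identical rule is already present, so repeated runs of the
# script do not stack duplicates.
ensure_nflog() {
    chain=$1
    if $IPT -t filter -C "$chain" -j NFLOG --nflog-group "$NFLOG_GROUP" 2>/dev/null; then
        return 0
    fi
    $IPT -t filter -I "$chain" 1 -j NFLOG --nflog-group "$NFLOG_GROUP"
}

# ensure_nflog_all
# Apply ensure_nflog to every chain; return non-zero if any insert failed
# so a partially logged ruleset does not pass silently.
ensure_nflog_all() {
    rc=0
    for chain in $NFLOG_CHAINS; do
        ensure_nflog "$chain" || rc=1
    done
    return $rc
}

# In the extension script itself, finish with the call:
#   ensure_nflog_all
```

NFLOG is a non-terminating target, so these rules do not change any accept or drop decision made by the rules that follow them.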
