On May 16, 2011, at 4:23 PM, Tom Eastep wrote:

> On May 16, 2011, at 10:51 AM, Ed W wrote:
>
>> Anyone?
>>
>> To rephrase the question - I need to maintain a separate iptables rule
>> which has to match (and nf_log) ALL traffic. How to best maintain such
>> an additional iptables line to exist past restarts, etc? (probably
>> externally, but how?)
>
> No single rule can do what you want because there is no single chain through
> which all traffic flows so you need more than one. But you can add them in
> the 'start' extension script.
>
>> Alternatively phrased question - how difficult would it be to support
>> NFLOG accounting in the accounting table?
>
> It's not difficult but I'm not sure I want to try to support such a feature.

I've looked at this and it's not as straight-forward as I had assumed. So it isn't something that I can whip up in a day or two.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
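The approach suggested in the thread (more than one rule, added from the 'start' extension script) could look like the sketch below; it is an added example, not code from the thread or from Shorewall. Assumptions: the rules go in the mangle table's PREROUTING and OUTPUT chains (between them, received, forwarded and locally generated packets each pass one of these), NFLOG group 5 is a constructed value, and the names `ensure_nflog_rules`, `NFLOG_GROUP`, `NFLOG_CHAINS` and `NFLOG_APPLY` are hypothetical.

```shell
#!/bin/sh
# Added example: body for a Shorewall 'start' extension script, which runs
# after a start/restart has rebuilt the ruleset, so the rules come back
# every time. All variable and function names here are hypothetical.

IPTABLES="${IPTABLES:-iptables}"      # overridable so the logic can be tested
NFLOG_GROUP="${NFLOG_GROUP:-5}"       # constructed sample group number
# Assumption: mangle PREROUTING sees received and forwarded packets,
# mangle OUTPUT sees locally generated ones.
NFLOG_CHAINS="${NFLOG_CHAINS:-PREROUTING OUTPUT}"

# Insert one NFLOG rule at the top of each chain unless an identical rule
# is already present. Prints the number of rules actually inserted.
ensure_nflog_rules() {
    added=0
    for chain in $NFLOG_CHAINS; do
        # -C (check) exits 0 when the exact rule already exists.
        if ! $IPTABLES -t mangle -C "$chain" -j NFLOG \
                --nflog-group "$NFLOG_GROUP" 2>/dev/null; then
            $IPTABLES -t mangle -I "$chain" 1 -j NFLOG \
                --nflog-group "$NFLOG_GROUP" || return 1
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Only touch the live ruleset when explicitly asked to.
if [ "${NFLOG_APPLY:-0}" = 1 ]; then
    ensure_nflog_rules >/dev/null
fi
```

Setting `NFLOG_APPLY=1` before this fragment in the extension script applies the rules; the existence check keeps a second run from stacking duplicate NFLOG rules.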
