On 05/17/2011 02:27 AM, Ed W wrote: > I accept your reply that it's not straightforward for now!
As I stated, to do as you suggest (COUNT:NFLOG... or DONE:...) would be
considerable work. To simple add an NFLOG 'ACTION' to the accounting
file is trivial. The attached patch does it.
NFLOG[(...)] chain source ...
This will be in 4.4.20 along with the ability to add your accounting
rules in the mangle table rather than the filter table. The latter will
allow accounting rules in PREROUTING and POSTROUTING.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm
index a0e581d..547509d 100644
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -224,6 +224,8 @@ sub process_accounting_rule( ) {
} else {
fatal_error "Invalid ACCOUNT Action";
}
+ } elsif ( $action =~ /^NFLOG/ ) {
+ $target = validate_level $action;
} else {
( $action, my $cmd ) = split /:/, $action;
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
