On Mon, 2012-01-30 at 13:34 -0600, David Koscinski wrote:
>
> I've been thinking some more about your reply and I've been studying
> the netfilter diagram you referenced and the shorewall-accounting
> documentation.
>
> From that I can definitely say that I am doing accounting in the
> netfilter table.
>
> According to the diagram the last chain that /etc/shorewall/accounting
> would see is FORWARD. So my tcrules that apply mark 3 cannot be
> accounted for because they have not been applied yet.
> 3:T 0.0.0.0/0 0.0.0.0/0 udp 1194 # openvpn
>
> So then to mark the openvpn traffic that is generated on the firewall
> (since it hosts openvpn) I would need a tcrule like this:
> 3 fw 0.0.0.0/0 udp 1194 #openvpn
> As I understand it, this would mark in the OUTPUT chain, which is part
> of the filter table.
>
> Is that reasoning correct?

It will mark the traffic in the mangle table's OUTPUT chain. So it will
be visible to the output accounting rules that are jumped to from the
filter table's OUTPUT chain.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
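
Added example (not part of the original thread, and not Shorewall code): a small model of the netfilter hook order discussed above. It checks whether a mark set by a tcrules entry is already on the packet when a filter-table accounting chain sees it. The path names, function names and the simplified hook lists are assumptions made for illustration; the unsuffixed-mark default assumes MARK_IN_FORWARD_CHAIN=No.

```python
# Simplified traversal order from the standard netfilter packet-flow diagram.
# Constructed model: only the two paths relevant to the thread are listed.
PATHS = {
    "local-out": [("raw", "OUTPUT"), ("mangle", "OUTPUT"), ("nat", "OUTPUT"),
                  ("filter", "OUTPUT"), ("mangle", "POSTROUTING"),
                  ("nat", "POSTROUTING")],
    "forwarded": [("raw", "PREROUTING"), ("mangle", "PREROUTING"),
                  ("nat", "PREROUTING"), ("mangle", "FORWARD"),
                  ("filter", "FORWARD"), ("mangle", "POSTROUTING"),
                  ("nat", "POSTROUTING")],
}

# tcrules MARK-column suffixes and the mangle chain each one selects.
SUFFIX_CHAIN = {"T": "POSTROUTING", "F": "FORWARD", "P": "PREROUTING"}


def tcrule_chain(mark, source):
    """Return the mangle chain in which a tcrules entry applies its mark."""
    suffix = mark.partition(":")[2]
    if suffix:
        return SUFFIX_CHAIN[suffix]  # KeyError for suffixes not modelled here
    # No suffix: firewall-sourced traffic is marked in OUTPUT, the rest in
    # PREROUTING (assumes MARK_IN_FORWARD_CHAIN=No).
    return "OUTPUT" if source in ("fw", "$FW") else "PREROUTING"


def mark_visible(path, mark, source, acct_chain):
    """True if a filter-table accounting rule in acct_chain can match the mark."""
    hooks = PATHS[path]
    mark_hook = ("mangle", tcrule_chain(mark, source))
    acct_hook = ("filter", acct_chain)
    if mark_hook not in hooks or acct_hook not in hooks:
        return False  # the packet never traverses one of the two chains
    # The mark is only on the packet for hooks that run after the marking hook.
    return hooks.index(mark_hook) < hooks.index(acct_hook)


if __name__ == "__main__":
    # The two tcrules from the thread, for OpenVPN traffic leaving the firewall.
    for mark, src in (("3:T", "0.0.0.0/0"), ("3", "fw")):
        seen = mark_visible("local-out", mark, src, "OUTPUT")
        print(f"tcrule {mark:4} source {src:10} -> "
              f"visible to filter OUTPUT accounting: {seen}")
```
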
