On 9/8/2013 6:05 AM, Roland RoLaNd wrote:
> All,
>
> i'm setting up accounting for my 60 user network.
>
> as i read from a number of tutorials, i can either go with the default
> setup of shorewall (version 4.5.5.3)
> or i can install xtables and configure shorewall to use perIP
>
> now the per ip setup is what i need, but i can do it without xtables by
> issuing the following:
>
> for i in {1..254};do
> echo "user_$i - x.x.x.$i - any
> any
> user_$i - - x.x.x.$i any
> - any" >> ./accounting;done
>
> and then tail accounting file with this line:
>
> COUNT total eth1
> COUNT total - eth0
>
>
> Can anyone find a problem with such a config?
> if there's any downside, i'd appreciate a heads up.It is grossly inefficient. Every packet in/out and through your firewall gets to traverse 254 extra iptables rules. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
