-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 02/16/2017 01:38 PM, Simon Hobson wrote: > Tom Eastep <[email protected]> wrote: > >>> Is there any way to fix this ? >> >> Partially. With ACCOUNTING_TABLE=mangle, rules in the PREROUTING >> section of the accounting file are traversed prior to DNAT. >> Unfortunately, rules in the POSTROUTING section are still >> traversed before SNAT/MASQUERADE. See >> http://www.shorewall.org/NetfilterOverview.html. > > Hmm, that's "inconvenient" :-( > > The diagram is useful, but doesn't show where accounting rules fit > into it.
It actually does. With ACCOUNTING_TABLE=mangle, all rules are in the mangle table. When you section the accounting file, the rules in each section are jumped to from the chain of the same name. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYpiQuAAoJEJbms/JCOk0Q/TsP/jXndoVnr6Mx30zcxXvob4H+ XuxfoyliYc6Rt2IVd2XRFzq11x5t9qPP/PlS0mu2LH3WoQm6QuVr8lval371EEz2 K3jTGYbI7Z1p5ilskC1fU3h9q3jGlUvf44GqU3Mpo3iP0BDLyBFnB00yVj02ioQy uMMXB1OXLnmO1qbhvOZ7ePpXL7e91WhKELJxywWqck+c8PZZ+WARuTsqo5VMYFkO V9M4xx/g7b+O/Zm60tml0F3bX7+VvsSnGtWEptMEFeVIhNIG2PpnXRADpaXx82Us DptUDMN+70zm+BHfBS0A4Af2b/N1nGb+frn28WQaiZARduY3tAb/XUyZ6g5eNP6Q vye1tsvpAd8DoiuCRmR/RF89hNHOWmMkcwI7DmTMa7TfBNTdMENGxL1O7Y8HUYlm oYiVOkrZr39fOOPnRj5hnhXl7zIjkswBXLokSmBBzjpQpf5EbjRRk291Xd3JTisj FAmDLS0u8lYiwot3RrJPI25lSiHQz7Hf8h6gGz6o3o/BeBnlGvJEa3KSIsRoANaC 6ib952BkZW+F7GSUMlovVYkpc8kzpsZb8pucv8z0rANpYFAaMCvpX4mkn4FP3rgy XeYkxjOlDB/WsKqmLHa3lZ0pEltm5A/YlEhg+fRIo4HNBAAxDcNf1OYQEOjTXXJb WnxNC8WWSx8fCM0lU35F =2Vkh -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
