Hi,

I'd like to do accounting on dropped and rejected packets and bytes on my firewall.

When I have a chain like:

Chain Drop (1 references)
 pkts bytes target       prot opt in   out   source      destination
    3   164 RejectAuth   all  --  *    *     0.0.0.0/0   0.0.0.0/0
    3   164 dropBcast    all  --  *    *     0.0.0.0/0   0.0.0.0/0
    0     0 AllowICMPs   icmp --  *    *     0.0.0.0/0   0.0.0.0/0
    3   164 dropInvalid  all  --  *    *     0.0.0.0/0   0.0.0.0/0
    3   164 DropSMB      all  --  *    *     0.0.0.0/0   0.0.0.0/0
    0     0 DropUPnP     all  --  *    *     0.0.0.0/0   0.0.0.0/0
    0     0 dropNotSyn   tcp  --  *    *     0.0.0.0/0   0.0.0.0/0
    0     0 DropDNSrep   all  --  *    *     0.0.0.0/0   0.0.0.0/0

if I do:

shorewall show dropInvalid

I have

Chain dropInvalid (2 references)
 pkts bytes target       prot opt in   out   source      destination
    0     0 DROP         all  --  *    *     0.0.0.0/0   0.0.0.0/0   state INVALID

that is not the same.

I want to retrieve all DROP on one side, and ALL REJECT on another. Could it be possible to do accounting just on drop and reject?

Laurent

On Monday 13 February 2006 10:34, Tzacos wrote:
> Hi,
>
> I'd like to do accounting on dropped and rejected packets and bytes on
> my firewall.

The attached is a sample of the types of things you can do with simple shell scripting.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> On Monday 13 February 2006 10:34, Tzacos wrote:
>
>> Hi,
>>
>> I'd like to do accounting on dropped and rejected packets and bytes on
>> my firewall.
>
> The attached is a sample of the types of things you can do with simple shell
> scripting.
>
> -Tom

No way to use the accounting in shorewall? Or maybe to redefine all rules to separate all ACCEPT/DROP/REJECT rules?

Laurent

On Monday 13 February 2006 12:46, Tzacos wrote:
> Tom Eastep wrote:
> > On Monday 13 February 2006 10:34, Tzacos wrote:
> >> Hi,
> >>
> >> I'd like to do accounting on dropped and rejected packets and bytes on
> >> my firewall.
> >
> > The attached is a sample of the types of things you can do with simple
> > shell scripting.
> >
> > -Tom
>
> No way to use the accounting in shorewall?
> or maybe to redefine all rules to separate all ACCEPT/DROP/REJECT rules

If there was such a way, do you think that I would have gone to the trouble of writing that example for you?

-Tom

Tom Eastep wrote:
> On Monday 13 February 2006 12:46, Tzacos wrote:
>
>> Tom Eastep wrote:
>>
>>> On Monday 13 February 2006 10:34, Tzacos wrote:
>>>
>>>> Hi,
>>>>
>>>> I'd like to do accounting on dropped and rejected packets and bytes on
>>>> my firewall.
>>>
>>> The attached is a sample of the types of things you can do with simple
>>> shell scripting.
>>>
>>> -Tom
>>
>> No way to use the accounting in shorewall?
>> or maybe to redefine all rules to separate all ACCEPT/DROP/REJECT rules
>
> If there was such a way, do you think that I would have gone to the trouble of
> writing that example for you?
>
> -Tom

I already know this solution. I was just expecting there was something to do with the accounting capabilities of shorewall. The shell solution is too expensive in performance.

Laurent

On Monday 13 February 2006 12:46, Tzacos wrote:
> Tom Eastep wrote:
> > On Monday 13 February 2006 10:34, Tzacos wrote:
> >> Hi,
> >>
> >> I'd like to do accounting on dropped and rejected packets and bytes on
> >> my firewall.
> >
> > The attached is a sample of the types of things you can do with simple
> > shell scripting.
> >
> > -Tom
>
> No way to use the accounting in shorewall?
> or maybe to redefine all rules to separate all ACCEPT/DROP/REJECT rules

Shorewall accounting occurs BEFORE filtering -- it can't possibly report the results of filtering.

-Tom

Tom Eastep wrote:
>
> Shorewall accounting occurs BEFORE filtering -- it can't possibly report the
> results of filtering.

Ah, this is interesting. So it can't be used for what I want to do :)

thx

Laurent
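
Added example, not part of the thread and not the script Tom attached: one way to total dropped and rejected traffic from a single `iptables -L -n -v -x` listing. It counts only rules whose target is DROP or REJECT, plus DROP policies of built-in chains, since the counter on a jump such as dropInvalid records packets that entered that chain. The function names and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Sum packets/bytes per final verdict from `iptables -L -n -v -x` on stdin.
# Jumps to user chains (dropInvalid, DropSMB, ...) are skipped: their counters
# show packets that entered the chain, not packets the chain discarded.
sum_verdicts() {
    awk '
        # Built-in chain policy: Chain INPUT (policy DROP 1 packets, 60 bytes)
        $1 == "Chain" && $3 == "(policy" && $4 == "DROP" {
            pk["DROP"] += $5; by["DROP"] += $7; next
        }
        # Rule line: pkts bytes target ...
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && ($3 == "DROP" || $3 == "REJECT") {
            pk[$3] += $1; by[$3] += $2
        }
        END {
            printf "DROP %.0f %.0f\n", pk["DROP"], by["DROP"]
            printf "REJECT %.0f %.0f\n", pk["REJECT"], by["REJECT"]
        }
    '
}

# Constructed sample listing (not taken from a real firewall).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP 1 packets, 60 bytes)
    pkts    bytes target      prot opt in  out  source     destination
       3      164 Drop        all  --  *   *    0.0.0.0/0  0.0.0.0/0

Chain Drop (1 references)
    pkts    bytes target      prot opt in  out  source     destination
       3      164 dropInvalid all  --  *   *    0.0.0.0/0  0.0.0.0/0
       3      164 DropSMB     all  --  *   *    0.0.0.0/0  0.0.0.0/0

Chain dropInvalid (2 references)
    pkts    bytes target      prot opt in  out  source     destination
       0        0 DROP        all  --  *   *    0.0.0.0/0  0.0.0.0/0  state INVALID

Chain DropSMB (1 references)
    pkts    bytes target      prot opt in  out  source     destination
       2      104 DROP        udp  --  *   *    0.0.0.0/0  0.0.0.0/0  udp dpt:137

Chain reject (1 references)
    pkts    bytes target      prot opt in  out  source     destination
       4      240 REJECT      tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  reject-with tcp-reset
EOF
}

# On a live system (as root): iptables -L -n -v -x | sum_verdicts
sample_listing | sum_verdicts
```

The `-x` flag matters: without it iptables abbreviates large counters (K, M, G) and the numeric match on the first two columns skips those rows.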