[Shorewall-users] Shorewall and Accounting Scripts
Tue, 23 Apr 2002 06:34:36 -0700 (PDT)
On Tue, 23 Apr 2002, John Leach wrote:
> I've also been looking at iam.
> It seems to me that this dump needs to be run from cron every few hours, so
> the shorewall start file is not the place for it.
> Probably need to create a shell script containing those few lines and execute
> that from cron.
> On a more general note my assessment on using iam is that to get analysis by
> ip address range requires setting up entries in the hosts file for the
> different ip address ranges where accounting is required.
No -- don't do that; see below
> Accounting by port seems to be impossible (please correct me anyone if I am
> wrong) because most of the traffic comes through as a single
> "RELATED,ESTABLISHED" byte count for a zone2zone chain; and is not broken
> down by port.
Yes -- that's what stateful firewalls do.
> If anyone understands what I am talking about and can suggest a work around I
> would be grateful.
run_iptables -N account
<add all of your CPU-eating accounting rules here>
for chain in INPUT OUTPUT FORWARD; do
    run_iptables -I $chain -j account
done
The accounting rules should NOT have a target and you should use
'run_iptables' rather than running iptables directly.
run_iptables -A account -p tcp --dport 80
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
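As an added example (not Tom Eastep's or Shorewall's own code), the script below emits the run_iptables commands that build the target-less "account" chain described above for a hypothetical port list, and parses a constructed 'iptables -nvxL account' dump into per-port byte totals the way a cron job would; the chain name and the run_iptables wrapper are taken from the reply, everything else is assumed.

```shell
#!/bin/sh
# Hypothetical list of TCP ports to account for (assumption, not from the post).
ACCT_PORTS="22 25 80 443"

# Print the commands that would go in the Shorewall start hook. Rules carry no
# -j target, so they only count; the chain is inserted at position 1 of each
# built-in chain so packets are counted before any ACCEPT/DROP decision.
account_rules() {
    echo "run_iptables -N account"
    for p in $ACCT_PORTS; do
        echo "run_iptables -A account -p tcp --dport $p"   # client -> server
        echo "run_iptables -A account -p tcp --sport $p"   # server -> client
    done
    for chain in INPUT OUTPUT FORWARD; do
        echo "run_iptables -I $chain -j account"
    done
}

# Constructed sample of 'iptables -nvxL account' output (not real counters).
# With no target the target column is empty, so bytes stay in field 2 and the
# port match stays in the last field.
SAMPLE_DUMP='Chain account (3 references)
    pkts      bytes target     prot opt in     out     source               destination
     120     18400            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
     130    901200            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:80
      10      1200            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# Read a dump on stdin and sum bytes per port (dpt and spt combined),
# printing "port bytes" lines sorted by port.
bytes_per_port() {
    awk '/tcp (dpt|spt):/ { split($NF, a, ":"); b[a[2]] += $2 }
         END { for (p in b) print p, b[p] }' | sort -n
}

# Byte total for one port from the sample dump; a cron job would feed the
# live dump instead and append the result, with a timestamp, to a log.
port_bytes() {
    printf '%s\n' "$SAMPLE_DUMP" | bytes_per_port | awk -v p="$1" '$1 == p { print $2 }'
}
```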