On Tuesday 2010-03-30 16:06, Roman Tsisyk wrote:

># Probe one network to first server
>iptables -A FORWARD -s 192.168.0.0/24 -j PROBE --target 0
>iptables -A FORWARD -d 192.168.0.0/24 -j PROBE --target 0
>
># Probe another network to second server
>iptables -A FORWARD -s 192.168.5.0/24 -j PROBE --target 1
>iptables -A FORWARD -d 192.168.5.0/24 -j PROBE --target 1
>
># Probe outgoing email flow to third server
>iptables -A FORWARD -s 192.168.5.0/24 -p tcp --dport 25 -j PROBE --target 2
>---
>
>4. Support for exporting statistics via /proc
>Traffic and packet rate, UDP socket information and everything that
>can be useful.

Should probably be using netlink or sysfs instead.

>6. Support for capturing packets mirrored to the NIC (which are addressed
>to another host).
>Of course, iptables simply drops these crap packets. Maybe make a sysctl
>option for this feature?

iptables does not drop these, your NIC does when it's not in
promiscuous mode.