On Monday, 20. April 2009 13:31:32 Thomas Jacob wrote: > > Well, for IPv4 you can alreay use "--src 172.16.0.0/16" > > and then do "-j ACCOUNT --addr 0.0.0.0/0" to merge > > the complete subnet into one single IP address. > > Hmm, then maybe haven't understood your module yet. > > If I specify "--src 172.16.0.0/16 -j ACCOUNT --addr 0.0.0.0/0 --tname > X", I was under the impression that I will get entries for each single > IP that somehow appears in packets that match --src 172.16.0.0/16 > in table X. Potentially a huge number (if you are getting DDOSed ;). Yes, basically it works that way. The only exception is 0.0.0.0/0: "A special subnet is "0.0.0.0/0": All data is stored in the src_bytes and src_packets structure of slot "0". This is useful if you want to account the overall traffic to/from your internet provider." -> You can accumulate complete subnets on one entry if you like. F.e. we use this to check for network activity (=and decrase a timeout if not present). Cheers, Thomas -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
