Hi, i want to do passive accounting using the ULOG target. As i understood, netfilter can only see packets passing the kernel routing code. That explains why i cannot see packets (except those for the box itself) passing the NIC in mangle/PREROUTING (NIC in promiscuous mode). The only solution google digged was <http://www.fokus.gmd.de/research/cc/glone/employees/sebastian.zander/private/netfilter.html> but thats against iptables 1.2.3 (2001-11-06). Is there any other way doing passive accounting with iptables? I know that this is not the first time this question shows up. The last message on this topic i found is 11 months old, i am just hoping things changed since then ;-) Our needs are simple, so i try to avoid using one of those listening userland deamons like net-acctd. /nils. -- sig.
