On Fri, Oct 03, 2003 at 01:12:39AM +0200, nils toedtmann wrote:
> Hi,
>
> i want to do passive accounting using the ULOG target. As i
> understood, netfilter can only see packets passing the kernel
> routing code. That explains why i cannot see packets (except
> those for the box itself) passing the NIC in mangle/PREROUTING
> (NIC in promiscuous mode).

yes. This is how a packet filtering framework is supposed to behave.

> but that's against iptables 1.2.3 (2001-11-06). Is there any
> other way doing passive accounting with iptables?

no, and I don't recommend it. neither iptables, nor ULOG/ulogd are a good
way of doing accounting. This discussion happened before. Either on
netdev, the ulogd list or netfilter-devel, don't remember.

> /nils.

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie