On Tue, 2004-02-17 at 13:12, Adi wrote:
> Hi,
>
> Has anyone ever tried traffic accounting using iptables (ipac-ng) on a
> Linux bridge?
> I have tried using iptables -t mangle -A PREROUTING -j ACCEPT, but when
> I look at the byte counters using iptables -t mangle -nL -vx, they show 0.
> But actually the traffic is already flowing through eth0, eth1 and br0;
> I am monitoring the traffic using tcpdump and iptraf.

Yes. What I do is use accounting when I have blocked a spammer from using mail to/from the servers behind my layer-2 firewall. Everything is selected by raw interface in the FILTER section. It's been effective to demonstrate when a person who has been guilty of spamming before is possibly starting to spam again.

I haven't played with MANGLE in the layer-2 firewall, but then again my whole purpose for having one of those beasts is to offload our Cisco 7500 routers and provide some very specific protection for Windows systems. I run a mostly-closed firewall for them, and ever since I did that we have had far fewer problems with them.

Satch