RE: NAT doesn't work (only a fraction of the forwarded packets reach the postrouting chain)

On Sun, 13-03-2005 at 14:34 +0100, Sietse van Zanen wrote:
> Because netfilter is a stateful firewall basically.
> It logs the first per NEW and marks the latter as RELATED,ESTABLISHED.
> 
> Only packets that match the NEW state will increment the counters. It counts how many connections have been set up, not how many packets belonging to a connection pass. These will be counted in a -j ACCEPT --state RELATED,ESTABLISHED rule, if present.
> 
> You could bypass this by creating a stateless rule, but that would defeat the purpose of a stateless firewall.

But you can use stateful rules to ACCEPT or DROP the packets and
also stateless rules to LOG the packets, or send them, before the
stateful rules ACCEPT or DROP them, to a chain that contains RETURN
rules to get the counters.

This is what I do and it works quite well.

Regards.

-- 

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
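The layout described in the reply above, as an added example that is not part of the original post or the netfilter project: a stateless counting chain made only of RETURN rules and a stateless LOG rule are placed in FORWARD ahead of the stateful ACCEPT/DROP rules, so every forwarded packet is counted and logged even though conntrack only matches the first packet of a connection as NEW. The interface names (eth0/eth1), the chain name FWD_COUNT, and the log prefix are constructed placeholders; the script prints the commands by default and applies them only when run as root with the argument `apply`.

```shell
#!/bin/sh
# Added example: per-packet counters and logging in front of stateful rules.
# Assumes a simple router with $LAN_IF on the inside and $WAN_IF on the outside
# (placeholder names). IPT can be overridden, e.g. IPT="echo iptables" for a dry run.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"

# Emit (or apply, when IPT=iptables) the complete rule set.
build_rules() {
    # A chain whose only job is to count: every rule ends in -j RETURN, so the
    # packet always comes back to FORWARD, whatever its conntrack state is.
    $IPT -N FWD_COUNT
    $IPT -A FWD_COUNT -i "$LAN_IF" -o "$WAN_IF" -j RETURN   # LAN -> WAN packets
    $IPT -A FWD_COUNT -i "$WAN_IF" -o "$LAN_IF" -j RETURN   # WAN -> LAN packets
    $IPT -A FWD_COUNT -j RETURN                              # anything else

    # Stateless LOG before the stateful rules: it sees every forwarded packet,
    # not only the first one of each connection. Rate-limited so a flood
    # cannot fill the log.
    $IPT -A FORWARD -m limit --limit 10/min -j LOG --log-prefix "FWD: "
    # Jump to the counting chain before any state matching happens.
    $IPT -A FORWARD -j FWD_COUNT

    # Stateful rules decide the fate of the packet. Only NEW packets increment
    # the counters of the NEW rule; the rest land on the RELATED,ESTABLISHED rule.
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -j DROP
}

# Read the per-direction packet and byte counters from the counting chain.
show_counts() {
    $IPT -L FWD_COUNT -v -n -x
}

# Dry run by default (prints the commands). "apply" installs them, "show" reads
# the counters; both need root and a Linux host with iptables.
case "${1:-}" in
    apply) build_rules ;;
    show)  show_counts ;;
    *)     ( IPT="echo $IPT"; build_rules ) ;;
esac
```

Because the RETURN rules carry their own packet and byte counters, `show_counts` reports traffic per direction without touching the stateful rules, and the LOG rule stays independent of conntrack, which is exactly the split the reply describes.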