Hi,

On Fri, 10 Mar 2006, Micah Anderson wrote:

> I'm using ipsets and it appears as if ipsets do not have counters for
> packet matching, you can only count packets that match an entire set.

That's true.

> Is there a way I can get iptables to tell me the packets of a particular
> IP in an ipset?

No, it is not possible. Accounting was not part of the design.

> I can create an ipmap ipset for each individual IP that I want to
> count, and then count each of those sets' packet counts, but do I gain
> anything by doing this (i.e. does using ipsets save me any memory or
> CPU in this scenario?)

No, you waste memory and CPU cycles.

However, you can use ULOG as a target and log the packets by it. Feeding MySQL/Postgres by ulogd is easy and then you can create such accounting info as you wish.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
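The per-IP accounting suggested in the reply, as an added example that is not part of the original message. SQLite stands in for the MySQL/Postgres database fed by ulogd; the table layout, column names, set membership and sample packets are constructed assumptions, not ulogd's own schema.

```python
import ipaddress
import sqlite3

# Constructed sample rows: (unix time, source IP, destination IP, IP total length).
SAMPLE_PACKETS = [
    (1141990000, "192.0.2.10", "198.51.100.7", 60),
    (1141990001, "198.51.100.7", "192.0.2.10", 1500),
    (1141990002, "192.0.2.11", "198.51.100.7", 52),
    (1141990003, "192.0.2.10", "203.0.113.5", 576),
    (1141990004, "203.0.113.5", "192.0.2.10", 40),
]
# Constructed list of the addresses that are members of the set being accounted.
SET_MEMBERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]

# One output row per set member, including members that saw no traffic.
ACCOUNTING_SQL = """
SELECT m.ip,
       SUM(CASE WHEN u.ip_saddr = m.ip THEN 1 ELSE 0 END)           AS pkts_out,
       SUM(CASE WHEN u.ip_saddr = m.ip THEN u.ip_totlen ELSE 0 END) AS bytes_out,
       SUM(CASE WHEN u.ip_daddr = m.ip THEN 1 ELSE 0 END)           AS pkts_in,
       SUM(CASE WHEN u.ip_daddr = m.ip THEN u.ip_totlen ELSE 0 END) AS bytes_in
FROM set_member AS m
LEFT JOIN ulog AS u ON u.ip_saddr = m.ip OR u.ip_daddr = m.ip
GROUP BY m.ip
ORDER BY m.ip
"""


def ip_to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def load(conn, packets, members):
    # Assumed layout: one row per logged packet, addresses stored as integers.
    conn.execute("CREATE TABLE ulog (oob_time_sec INTEGER, ip_saddr INTEGER,"
                 " ip_daddr INTEGER, ip_totlen INTEGER)")
    conn.execute("CREATE TABLE set_member (ip INTEGER PRIMARY KEY)")
    conn.executemany("INSERT INTO ulog VALUES (?, ?, ?, ?)",
                     [(t, ip_to_int(s), ip_to_int(d), n) for t, s, d, n in packets])
    conn.executemany("INSERT INTO set_member VALUES (?)",
                     [(ip_to_int(m),) for m in members])


def per_ip_accounting(packets=SAMPLE_PACKETS, members=SET_MEMBERS):
    """Return {ip: (pkts_out, bytes_out, pkts_in, bytes_in)} for each set member."""
    conn = sqlite3.connect(":memory:")
    load(conn, packets, members)
    rows = conn.execute(ACCOUNTING_SQL).fetchall()
    conn.close()
    return {str(ipaddress.IPv4Address(ip)): tuple(counts) for ip, *counts in rows}
```

A packet whose source and destination are both set members is counted once as outbound for the sender and once as inbound for the receiver.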