On a RHEL5.x86_64 firewall type system (one interface internet-exposed, the other faces intranet), totals for received bytes/sec and transmitted bytes/sec as reported by 'sar -n DEV' are always nearly equal for both interfaces. This despite the fact that for sure the external interface is kept very busy dropping the usual internet cruft. Do interface 'received' statistics as maintained by the kernel NOT reflect traffic that is DENYed/DROPed/REJECTed by netfilter (iptables) rules? If so, any ideas why? Or if it's not the case that the dropped traffic isn't counted, why the near equality for total traffic on both interfaces? Or am I merely confused, again... thanks, val -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
