On a RHEL5.x86_64 firewall system (one interface internet-exposed, the other on the intranet), totals for received bytes/sec and transmitted bytes/sec, as reported by 'sar -n DEV', are always nearly equal for both interfaces. This is despite the fact that the external interface is for sure kept very busy dropping the usual internet cruft.

Do interface 'received' statistics as maintained by the kernel NOT reflect traffic that is DENYed/DROPed/REJECTed by netfilter (iptables) rules? Or if it's not the case that the dropped traffic isn't counted, why the near equality for total traffic on both interfaces?

If traffic that is REJECTed is not counted in the received counts, are the resets or ICMP unreachables also not counted in the transmitted counts?

thanks,
val
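One way to check the question above empirically, as an added example that is not part of the original post: take two snapshots of `/proc/net/dev` and of `iptables-save -c` output, then compare the bytes an interface received with the bytes matched by DROP/REJECT rules on it. The snapshot data, function names and interface names below are constructed for illustration.

```python
import re

# Constructed sample snapshots (not from the post); /proc/net/dev header abbreviated.
HDR = "Inter-|   Receive   |  Transmit\n face |bytes packets ...|bytes packets ...\n"
DEV_T0 = HDR + "  eth0:1000000 9000 0 0 0 0 0 0 800000 7000 0 0 0 0 0 0\n"
DEV_T1 = HDR + "  eth0:1500000 13000 0 0 0 0 0 0 1160000 10000 0 0 0 0 0 0\n"
IPT_T0 = """*filter
:INPUT ACCEPT [0:0]
[100:6000] -A INPUT -i eth0 -j DROP
[10:600] -A INPUT -i eth0 -p tcp -j REJECT --reject-with tcp-reset
[500:400000] -A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
"""
IPT_T1 = IPT_T0.replace("[100:6000]", "[700:46000]").replace("[10:600]", "[160:10600]")

RULE = re.compile(r"^\[(\d+):(\d+)\] -A \S+ (.*)$")   # "[packets:bytes] -A CHAIN spec"

def rx_bytes(proc_net_dev):
    """Map interface -> cumulative received bytes from /proc/net/dev text."""
    out = {}
    for line in proc_net_dev.splitlines()[2:]:        # skip the two header lines
        name, _, fields = line.partition(":")         # the space after ':' may be missing
        if fields.split():
            out[name.strip()] = int(fields.split()[0])
    return out

def denied_bytes(iptables_save_c):
    """Map input interface -> bytes matched by DROP/REJECT rules."""
    out = {}
    for line in iptables_save_c.splitlines():
        m = RULE.match(line)
        if not m:
            continue                                   # table, policy and COMMIT lines
        spec = m.group(3)
        iface = re.search(r"(?<!! )-i ([^\s!]+)", spec)   # negated -i matches are skipped
        target = re.search(r"(?:^| )-j (DROP|REJECT)\b", spec)
        if iface and target:                           # no -i: cannot attribute to an interface
            out[iface.group(1)] = out.get(iface.group(1), 0) + int(m.group(2))
    return out

def denied_share(dev0, dev1, ipt0, ipt1, iface):
    """Fraction of bytes received on iface between snapshots that hit DROP/REJECT rules.
    Approximate: interface counters typically include link-layer headers,
    iptables byte counters do not."""
    rx = rx_bytes(dev1)[iface] - rx_bytes(dev0)[iface]
    denied = denied_bytes(ipt1).get(iface, 0) - denied_bytes(ipt0).get(iface, 0)
    return denied / rx if rx else 0.0

if __name__ == "__main__":
    print(denied_share(DEV_T0, DEV_T1, IPT_T0, IPT_T1, "eth0"))
```

On a live system the four inputs would be the contents of `/proc/net/dev` and the output of `iptables-save -c`, each captured at the start and end of the interval. Traffic dropped only by a chain policy has no `-i` match and is not attributed by this script.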