Richard Hartmann wrote:
> On Fri, Jan 9, 2009 at 12:50, Artūras Šlajus <x11@xxxxxxxxxxx> wrote:
>> iptables -A ACCOUNTING -s your_user_ip -j ACCEPT
>> iptables -A ACCOUNTING -d your_user_ip -j ACCEPT
>
> Doesn't that mean that I am bypassing the rest of the
> firewall rules?

Yes, it would. Just leave off the "-j ACCEPT" or use "-j RETURN" if
you want to bypass the rest of the ACCOUNTING chain. There is no
requirement that a rule have a target. I have a couple of rules
like that in my "mangle" table PREROUTING and POSTROUTING chains,
and they work just fine.
You'll want to use iptables with the "-x" flag when reading the
counters so that you get exact counts and not numbers like "14G".
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
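
The approach from the reply above (target-less rules, counters read with "-x"), as an added example that is not part of the original posts. The address 192.0.2.10 is a placeholder, the listing is constructed sample output, and the parser assumes an IPv4 listing whose "opt" column reads "--".

```shell
#!/bin/sh
# Rules without a target only count; packets continue through the firewall:
#   iptables -A ACCOUNTING -s 192.0.2.10
#   iptables -A ACCOUNTING -d 192.0.2.10
# Live use: iptables -L ACCOUNTING -v -n -x | acct_bytes 192.0.2.10

# Constructed sample of `iptables -L ACCOUNTING -v -n -x` output.
sample_listing() {
cat <<'EOF'
Chain ACCOUNTING (1 references)
    pkts      bytes target     prot opt in     out     source               destination
 9876543 14895201234            all  --  *      *       192.0.2.10           0.0.0.0/0
 1234567   182033410            all  --  *      *       0.0.0.0/0            192.0.2.10
      42       3360 RETURN     all  --  *      *       192.0.2.99           0.0.0.0/0
EOF
}

# Read a listing on stdin; print "<bytes_sent> <bytes_received>" for IP $1.
# Exits with status 2 if a counter is abbreviated (listing made without -x).
acct_bytes() {
    awk -v ip="$1" '
        NF == 0 || $1 == "Chain" || $1 == "pkts" { next }   # header lines
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ {
            print "abbreviated counter; list with -x" > "/dev/stderr"
            bad = 1; exit
        }
        {
            # A rule with no target leaves the target column blank, so the
            # later fields shift left by one. Assumption: "opt" is "--",
            # which tells us whether the shift happened.
            off = ($4 == "--") ? 0 : 1
            src = $(7 + off); dst = $(8 + off)
            if (src == ip) tx += $2
            if (dst == ip) rx += $2
        }
        END { if (bad) exit 2; printf "%.0f %.0f\n", tx, rx }
    '
}
```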