Re: Double rules for using NETFLOW?

On 02/02/2011 11:01, Srinivasa T N wrote:
Hi All,
I am using ipt_NETFLOW 1.7 on my RHEL 6 (2.6.32) box. Now, if I want to accept a packet destined for some port and at the same time want it to be accounted, I have to use the following rules:

iptables -A INPUT -p tcp --dport <portnum> -j NETFLOW
iptables -A INPUT -p tcp --dport <portnum> -j ACCEPT

This means that every packet I accept needs two rules (one for accepting and one for accounting). Don't you people think that this will increase the number of rules a packet has to traverse? Or is my understanding wrong?

Umm... more actions on packets = more processing... so yes, NetFlow accounting will produce CPU overhead.

No such thing as a free lunch :-)

--
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: giles@xxxxxxxxxxx
Skype: gilescoochey
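One way to keep the per-port rule count down, as an added example that is not part of the thread and not ipt_NETFLOW's own scripts: put the NETFLOW and ACCEPT targets once in a user-defined chain and have each port rule in INPUT jump to it. The port match is then evaluated once per packet, and the two target rules in the shared chain carry no match at all. The chain name ACCT_ACCEPT and the port list are assumptions; the script defaults to a dry run that only prints the iptables commands (set IPT=iptables to apply them on a box with ipt_NETFLOW loaded).

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread or from ipt_NETFLOW.
# Assumes the ipt_NETFLOW target is available. Default is a dry run that
# echoes the commands; set IPT=iptables to actually install the rules.
IPT="${IPT:-echo iptables}"

# Wrapper so the dry-run vs. real-run choice lives in one place.
ipt() {
    # shellcheck disable=SC2086  # intentional word splitting of $IPT
    $IPT "$@"
}

# Create (or reset) the shared chain: NETFLOW is non-terminating, so a
# packet is exported to the collector and then falls through to ACCEPT.
build_acct_chain() {
    ipt -N ACCT_ACCEPT 2>/dev/null || true   # ignore "chain already exists"
    ipt -F ACCT_ACCEPT
    ipt -A ACCT_ACCEPT -j NETFLOW
    ipt -A ACCT_ACCEPT -j ACCEPT
}

# One match rule per accepted port; each jumps to the shared chain instead
# of carrying its own NETFLOW + ACCEPT pair.
# usage: accept_ports <tcp|udp> <port> [port ...]
accept_ports() {
    proto="$1"
    shift
    for port in "$@"; do
        ipt -A INPUT -p "$proto" --dport "$port" -j ACCT_ACCEPT
    done
}

# Constructed sample: three accepted TCP ports (assumed values).
build_acct_chain
accept_ports tcp 22 80 443
```

With N accepted ports the naive layout from the question needs 2N rules in INPUT, while this layout needs N rules in INPUT plus the two fixed rules in ACCT_ACCEPT; the accounting cost per packet that Giles mentions is unchanged, only the match work is halved.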




