On Friday 04 February 2011 01:48 AM, Grant Taylor wrote:
> On 02/03/11 02:50, Srinivasa T N wrote:
>> Is it possible for me to place rules related to accounting after filter
>> table in the INPUT chain so that the accounting takes place only on the
>> packets I am accepting in my box?
>
> I hope I'm understanding you correctly.
>
> It sounds like you are wanting to do your accounting after you filter
> out most of the chaff / noise / IBR that you don't want. Correct?

Yes, you are correct.

> If this is the case, why don't you have your filtering rules DROP /
> REJECT / otherwise discard the packets you don't want and then have a
> follow up rule that ACCEPTS the packet and do your accounting there?
>
> At least if I understand you correctly, filtering packets before they
> hit your accounting rule should do what you are wanting.

But adding rules to discard the unwanted traffic and then do an
accounting for the rest of the packets is not a good idea. I may not
even know what type of packets may arrive and writing rules to discard
each of the unwanted packets is difficult. So, I prefer to write rules to
accept only the packets that are required and then drop the other
packets. I wanted to do the accounting only for packets that I accept.

> Grant. . . .
--
Regards,
Seenu.
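
The setup discussed in this message (accept only the required packets, drop the rest, count only what was accepted), as an added example that is not part of the original thread: a shell function that prints an `iptables-restore` ruleset in which each allow rule jumps to an accounting chain that counts and then accepts. The chain name `ACCT_IN` and the allow-list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed allow-list of "proto:port"
# services; replace with the services this host really offers.
ALLOWED="tcp:22 tcp:80 udp:53"

# Check one "proto:port" entry; return non-zero if it is malformed.
valid_service() {
    proto=${1%%:*}; port=${1##*:}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Print an iptables-restore ruleset for the filter table.
# INPUT is default-DROP; every non-loopback packet that is let in leaves
# through ACCT_IN, so the ACCT_IN counters cover accepted traffic only.
gen_ruleset() {
    # Validate everything first so a bad entry never yields a partial ruleset.
    for svc in $1; do
        valid_service "$svc" || { echo "bad service: $svc" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':ACCT_IN - [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Packets of connections that were already allowed (or started locally).
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCT_IN'
    for svc in $1; do
        echo "-A INPUT -p ${svc%%:*} --dport ${svc##*:} -m conntrack --ctstate NEW -j ACCT_IN"
    done
    # Rules without a target only count: one counter per allowed service.
    for svc in $1; do
        echo "-A ACCT_IN -p ${svc%%:*} --dport ${svc##*:}"
    done
    # Counter on this rule is the total of accepted packets and bytes.
    echo '-A ACCT_IN -j ACCEPT'
    echo 'COMMIT'
}
```

As root, `gen_ruleset "$ALLOWED" | iptables-restore` loads the ruleset (this replaces the current filter table), and `iptables -L ACCT_IN -v -n -x` then shows the per-service and total counters.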