From: Eric Leblond
Date: Wed, 27 Aug 2003 17:57:23 +0000
Subject: Re: [LARTC] Performanace fo the Iptables Server
To: lartc@vger.kernel.org

On Wed 27/08/2003 at 19:41, Stef Coene wrote:
> On Wednesday 27 August 2003 19:31, hare ram wrote:
> > Hi Stef
> >
>
> If you really want it very detailed (src/dst - address/port), you indeed have
> to log it to mysql or so.
> You can calculate the number of updates you have to do mysql and simulate this
> on a test box.

As the mark you can put on the packet is quite long, you can use a mask
system: [IP user][proto]. Next, the script only has to split the information
contained in the mark. That adds a multiplicative factor to the number of
rules, but that's all. So no need to use mysql.

By the way, you will need to use connmark to track non-linear protocols like ftp.

BR,
-- 
Eric Leblond
Nufw : http://www.nufw.org

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
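A sketch of the accounting script the message above describes, as an added example that is not part of the original post: it splits each mark into its [IP user][proto] fields and sums the per-rule counters. The bit layout (upper 24 bits for a user id, low 8 bits for the IP protocol number), the chain name `ACCT` and the sample counters are assumptions; the input is taken to be `iptables-save -c` output.

```python
import re
from collections import defaultdict

# Assumed layout of the 32-bit mark: [user id: 24 bits][IP protocol: 8 bits]
PROTO_BITS = 8
PROTO_MASK = (1 << PROTO_BITS) - 1
USER_MAX = (1 << (32 - PROTO_BITS)) - 1

# One counted rule from `iptables-save -c`: [pkts:bytes] -A CHAIN ... --mark VALUE[/MASK]
RULE_RE = re.compile(
    r"^\[(\d+):(\d+)\]\s+-A\s+\S+\s.*?\s--mark\s+(0x[0-9a-fA-F]+|\d+)(?:/\S+)?(?:\s|$)")

def make_mark(user_id, proto):
    """Pack a user id and an IP protocol number into one mark value."""
    if not (0 <= user_id <= USER_MAX and 0 <= proto <= PROTO_MASK):
        raise ValueError("field does not fit in the mark layout")
    return (user_id << PROTO_BITS) | proto

def split_mark(mark):
    """Recover (user_id, proto) from a mark."""
    return mark >> PROTO_BITS, mark & PROTO_MASK

def account(dump):
    """Sum packet and byte counters per (user_id, proto) over a ruleset dump."""
    totals = defaultdict(lambda: [0, 0])
    for line in dump.splitlines():
        m = RULE_RE.match(line.strip())
        if m is None:
            continue  # table headers, chain policies, rules without a mark match
        entry = totals[split_mark(int(m.group(3), 0))]
        entry[0] += int(m.group(1))
        entry[1] += int(m.group(2))
    return {key: tuple(val) for key, val in totals.items()}

# Constructed sample in `iptables-save -c` format (chain name ACCT is hypothetical)
SAMPLE = """\
*mangle
:ACCT - [0:0]
[10:840] -A ACCT -m mark --mark 0x106 -j RETURN
[4:512] -A ACCT -m mark --mark 0x111 -j RETURN
[7:9000] -A ACCT -m mark --mark 0x206 -j RETURN
[3:160] -A ACCT -m mark --mark 0x106 -j RETURN
COMMIT
"""

if __name__ == "__main__":
    for (user, proto), (pkts, nbytes) in sorted(account(SAMPLE).items()):
        print(f"user={user} proto={proto} packets={pkts} bytes={nbytes}")
```

With this layout the ruleset needs one counting rule per (user, protocol) pair, which is the multiplicative factor mentioned in the message.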