From: Mr Dash Four <mr.dash.four@googlemail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>, Eric Leblond <eric@regit.org>, Netfilter Developer Mailing List <netfilter-devel@vger.kernel.org>
Subject: Re: pgsql-ulogd2
Date: Wed, 18 Jul 2012 00:29:36 +0100
Message-ID: <5005F560.8070200@googlemail.com>
In-Reply-To: <20120716152815.GA28284@1984>
>> iptables -t raw -A PREROUTING -i eth0 -o eth7 \
>> -s 192.168.1.0/24 -j CT --ctevents new,related,destroy
>>
>
> It should be hard to add some "none" for --ctevents so you can add to
> the following rules below:
>
> iptables -t raw -A PREROUTING -i eth0 -o eth7 \
> -s 192.168.1.0/24 -j CT --ctevents new,related,destroy
> iptables -t raw -A PREROUTING -i eth0 -o eth7 \
> ! -s 192.168.1.0/24 -j CT --ctevents none
>
> Not to report events for others. Note that the "none" is missing now
> in iptables.
>
> Thus, we will only get events coming from 192.168.1.0/24.
>
I am not entirely certain whether I could do more damage to my setup if
I do the above. Let me explain:

On all interfaces, with the exception of one, I have a limited set of
rules, which are traversed only when a new connection is established
(i.e. the state is NEW). In all other cases, I have -j ACCEPT when the
state is RELATED or ESTABLISHED. This was done primarily to lower the
load on the firewall machine and also to save me from writing iptables
rules for both sides of a connection.

I am not sure, if I apply the above, how that would affect the setup I
just described, and I am not sure whether it would make things worse.

Again, my aim is to be able to configure full logging of particular types
of connections via NFCT (from their inception to their closure),
depending on the interface and source/destination IP address/subnet,
possibly without affecting the above setup too much.

I know how to do that with packets via NFLOG - that is easy enough for
me, but I am struggling with NFCT, unfortunately.
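As an added example (not part of this thread, and not anyone's production rule set), the script below writes out the combination the two messages above are discussing: a raw-table CT rule that limits conntrack events to flows from 192.168.1.0/24 arriving on eth0, next to the stateful filter rules the reply describes (ESTABLISHED/RELATED accepted first, NEW handled by explicit rules). The interface and subnet come from the thread; the FORWARD chain, the port-80 rule and the final DROP are hypothetical placeholders for "the rules I already have". Two caveats built into the example: `-o` is not valid in raw PREROUTING (the quoted command carries it, but the output interface is not known at that hook), and there is no `--ctevents none` rule for the other flows, since Pablo notes that keyword is missing in iptables at the time. The CT event mask only changes which events ctnetlink reports for a connection; the connection is still tracked, so the `--ctstate ESTABLISHED,RELATED` shortcut keeps matching as before. `DRY_RUN=1` (the default) prints the commands instead of running them, so the rule set can be reviewed before it touches a firewall.

```shell
#!/bin/sh
# Added example: raw-table CT event mask for one subnet/interface plus the
# usual stateful filter rules. Not from the thread; FORWARD, port 80 and the
# final DROP are hypothetical stand-ins for an existing rule set.

DRY_RUN="${DRY_RUN:-1}"            # 1 = print commands, 0 = execute them
LOG_IF="${LOG_IF:-eth0}"           # interface from the thread
LOG_NET="${LOG_NET:-192.168.1.0/24}"  # subnet from the thread

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Raw table: evaluated before connection tracking sees the packet, which is
# where the CT target can attach a per-connection event mask. Only -i is
# valid in PREROUTING; the output interface is not known yet, so no -o here.
# Flows that do not match keep their default event mask (no "none" rule).
raw_ct_rules() {
    run iptables -t raw -A PREROUTING -i "$LOG_IF" -s "$LOG_NET" \
        -j CT --ctevents new,related,destroy
}

# Filter table: the event mask does not change state tracking, so the
# ESTABLISHED,RELATED shortcut still matches both directions of a flow.
filter_rules() {
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LOG_IF" -s "$LOG_NET" \
        -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # hypothetical default: everything not explicitly allowed above
    run iptables -A FORWARD -j DROP
}

# Emit (or apply) the whole set in order: raw first, then filter.
all_rules() {
    raw_ct_rules
    filter_rules
}

all_rules
```

Run it as-is to see the five commands; set `DRY_RUN=0` (as root, on a host where those interfaces exist) to apply them. Because the CT rule and the filter rules live in different tables, adding the CT rule does not reorder or bypass any of the existing ACCEPT rules; it only changes which conntrack events ulogd2's NFCT input will receive for flows from that subnet.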