On 02/02/2011 11:01, Srinivasa T N wrote:
> Hi All,
> I am using ipt_NETFLOW 1.7 on my RHEL 6 (2.6.32) box. Now if I
> want to accept packet destined for some port and at the same time I
> want it to be accounted also, then I have to use the following rules:
>
> iptables -A INPUT --dport -j NETFLOW
> iptables -A INPUT --dport -j ACCEPT
>
> This makes that every packet that I accept should have two rules
> (one for accepting and one for accounting). Don't you people think
> that it will increase the number of rules a packet has to traverse?
> Or is my understanding wrong?
>

umm... more actions on packets = more processing... so yes, Netflow accounting will produce a CPU overhead.

No such thing as a free lunch :-)

--
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: giles@coochey.net
Skype: gilescoochey