From mboxrd@z Thu Jan 1 00:00:00 1970
From: Srinivasa T N
Subject: Re: Place for ipt_ACCOUNT/ipt_NETFLOW
Date: Fri, 04 Feb 2011 10:52:47 +0530
Message-ID: <4D4B8D27.3070306@linux.vnet.ibm.com>
References: <4D4A6C6A.6000406@linux.vnet.ibm.com> <4D4B0D7B.5020703@riverviewtech.net>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <4D4B0D7B.5020703@riverviewtech.net>
Sender: netfilter-owner@vger.kernel.org
List-ID:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: Mail List - Netfilter

On Friday 04 February 2011 01:48 AM, Grant Taylor wrote:
> On 02/03/11 02:50, Srinivasa T N wrote:
>> Is it possible for me to place rules related to accounting after filter
>> table in the INPUT chain so that the accounting takes place only on the
>> packets I am accepting in my box?
>
> I hope I'm understanding you correctly.
>
> It sounds like you are wanting to do your accounting after you filter
> out most of the chaff / noise / IBR that you don't want. Correct?

Yes, you are correct.

>
> If this is the case, why don't you have your filtering rules DROP /
> REJECT / otherwise discard the packets you don't want and then have a
> follow up rule that ACCEPTS the packet and do your accounting there?
>
> At least if I understand you correctly, filtering packets before they
> hit your accounting rule should do what you are wanting.
>

But adding rules to discard the unwanted traffic and then do an
accounting for the rest of the packets is not a good idea. I may not
even know what type of packets may arrive and writing rules to discard
each of the unwanted packets is difficult. So, I prefer to write rules to
accept only the packets that are required and then drop the other
packets. I wanted to do the accounting only for packets that I accept.

>
>
> Grant. . . .
>

-- 
Regards,
Seenu.
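
The accept-only policy described in this message, with accounting limited to accepted packets, as an added example that is not part of the original thread: every allow rule jumps to one user-defined chain that counts and then accepts, while the INPUT policy drops everything else uncounted. The chain name `ACCT_ACCEPT`, the function name and the sample ports are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset where
# INPUT is default-drop and all accepted traffic passes one accounting chain.
# ACCT_ACCEPT and build_ruleset are hypothetical names chosen for this sketch.

build_ruleset() {
    # Arguments: TCP destination ports to allow, e.g. 22 443 (constructed sample).
    # Validate first so nothing but a port number can reach the ruleset text.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || {
            echo "port out of range: $port" >&2; return 1
        }
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # unmatched packets are dropped and never counted
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':ACCT_ACCEPT - [0:0]'
    # A rule with no target only updates its packet/byte counters and falls
    # through. Assumption: a non-terminating accounting target can replace it.
    echo '-A ACCT_ACCEPT -m comment --comment "accepted-traffic counter"'
    echo '-A ACCT_ACCEPT -j ACCEPT'
    # Allow rules never ACCEPT directly; they hand the packet to the chain above.
    echo '-A INPUT -i lo -j ACCT_ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCT_ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCT_ACCEPT"
    done
    echo 'COMMIT'
}
```

To try it, pipe `build_ruleset 22 443` into `iptables-restore --test` as root, and after loading read the counters with `iptables -L ACCT_ACCEPT -v -n -x`.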