fixed quotes, add CVS Id

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@990 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
mhnoyes 2003-12-28 15:48:01 +00:00
parent 0152a59fc8
commit 9feb0d8e1d


@ -2,6 +2,8 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article> <article>
<!--$Id$-->
<articleinfo> <articleinfo>
<title>Shorewall Traffic Accounting</title> <title>Shorewall Traffic Accounting</title>
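Review bot: The new `<!--$Id$-->` comment will only ever expand if the file's `svn:keywords` property includes `Id`; this repository is Subversion (see the git-svn-id trailer), so without `svn propset svn:keywords Id` on the file the comment stays as the literal text `$Id$` in every checkout. Please confirm the property is set (or set it in the same commit), otherwise the "add CVS Id" part of this change has no effect.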
@ -26,8 +28,8 @@
document under the terms of the GNU Free Documentation License, Version document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with 1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled &#34;<ulink Texts. A copy of the license is included in the section entitled
url="GnuCopyright.htm">GNU Free Documentation License</ulink>&#34;.</para> <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
</legalnotice> </legalnotice>
</articleinfo> </articleinfo>
@ -36,13 +38,14 @@
<para>Shorewall accounting rules are described in the file <para>Shorewall accounting rules are described in the file
/etc/shorewall/accounting. By default, the accounting rules are placed in a /etc/shorewall/accounting. By default, the accounting rules are placed in a
chain called &#34;accounting&#34; and can thus be displayed using chain called <quote>accounting</quote> and can thus be displayed using
&#34;shorewall show accounting&#34;. All traffic passing into, out of or <quote>shorewall show accounting</quote>. All traffic passing into, out of
through the firewall traverses the accounting chain including traffic that or through the firewall traverses the accounting chain including traffic
will later be rejected by interface options such as &#34;tcpflags&#34; and that will later be rejected by interface options such as <quote>tcpflags</quote>
&#34;maclist&#34;. If your kernel doesn&#39;t support the connection and <quote>maclist</quote>. If your kernel doesn&#39;t support the
tracking match extension (Kernel 2.4.21) then some traffic rejected under connection tracking match extension (Kernel 2.4.21) then some traffic
&#39;norfc1918&#39; will not traverse the accounting chain.</para> rejected under <quote>norfc1918</quote> will not traverse the accounting
chain.</para>
<para>The columns in the accounting file are as follows:</para> <para>The columns in the accounting file are as follows:</para>
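Review bot: The parenthetical "(Kernel 2.4.21)" after "doesn't support the connection tracking match extension" is ambiguous as written on both sides of the hunk: it reads as though 2.4.21 is the unsupported kernel, whereas presumably it is the version that introduced the extension. Since this line is already being rewritten for the quote markup, consider spelling it out, e.g. "(the connection tracking match extension is available beginning with kernel 2.4.21)" or whatever the intended fact is.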
@ -65,27 +68,27 @@
<listitem> <listitem>
<para><emphasis>&#60;chain&#62;</emphasis> - The name of a chain to <para><emphasis>&#60;chain&#62;</emphasis> - The name of a chain to
jump to. Shorewall will create the chain automatically. If the name jump to. Shorewall will create the chain automatically. If the name
of the chain is followed by &#34;:COUNT&#34; then a COUNT rule of the chain is followed by <quote>:COUNT</quote> then a COUNT rule
matching this rule will automatically be added to &#60;chain&#62;. matching this rule will automatically be added to &#60;chain&#62;.
Chain names must start with a letter, must be composed of letters Chain names must start with a letter, must be composed of letters
and digits, and may contain underscores (&#34;_&#34;) and periods and digits, and may contain underscores (<quote>_</quote>) and
(&#34;.&#34;). Beginning with Shorewall version 1.4.8, chain names periods (<quote>.</quote>). Beginning with Shorewall version 1.4.8,
man also contain embedded dashes (&#34;-&#34;) and are not required chain names man also contain embedded dashes (<quote>-</quote>) and
to start with a letter.</para> are not required to start with a letter.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">CHAIN</emphasis> - The name of the chain <para><emphasis role="bold">CHAIN</emphasis> - The name of the chain
where the accounting rule is to be added. If empty or &#34;-&#34; then where the accounting rule is to be added. If empty or <quote>-</quote>
the &#34;accounting&#34; chain is assumed.</para> then the <quote>accounting</quote> chain is assumed.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">SOURCE</emphasis> - Packet Source. The name <para><emphasis role="bold">SOURCE</emphasis> - Packet Source. The name
of an interface, an address (host or net) or an interface name followed of an interface, an address (host or net) or an interface name followed
by &#34;:&#34; and a host or net address.</para> by <quote>:</quote> and a host or net address.</para>
</listitem> </listitem>
<listitem> <listitem>
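Review bot: The typo "chain names man also contain embedded dashes" survives this change on the new side ("chain names man also contain <quote>-</quote>"); it should read "may also contain". The line is being touched for the quote conversion anyway, so fix the word in the same edit.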
@ -111,13 +114,13 @@
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>In all columns except ACTION and CHAIN, the values <para>In all columns except ACTION and CHAIN, the values <quote>-</quote>,<quote>any</quote>
&#34;-&#34;,&#34;any&#34; and &#34;all&#34; are treated as wild-cards.</para> and <quote>all</quote> are treated as wild-cards.</para>
<para>The accounting rules are evaluated in the Netfilter &#39;filter&#39; <para>The accounting rules are evaluated in the Netfilter <quote>filter</quote>
table. This is the same environment where the &#39;rules&#39; file rules are table. This is the same environment where the <quote>rules</quote> file
evaluated and in this environment, DNAT has already occurred in inbound rules are evaluated and in this environment, DNAT has already occurred in
packets and SNAT has not yet occurred on outbound ones.</para> inbound packets and SNAT has not yet occurred on outbound ones.</para>
<para>Accounting rules are not stateful -- each rule only handles traffic in <para>Accounting rules are not stateful -- each rule only handles traffic in
one direction. For example, if eth0 is your internet interface and you have one direction. For example, if eth0 is your internet interface and you have
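Review bot: Missing space after the comma in `<quote>-</quote>,<quote>any</quote>`; the old `&#34;-&#34;,&#34;any&#34;` had the same defect, so this is a chance to render the list as `<quote>-</quote>, <quote>any</quote> and <quote>all</quote>`. Otherwise the quote markup in this hunk is correct, and leaving `&#39;filter&#39;` and `&#39;rules&#39;` as `<quote>` elements is consistent with the rest of the file.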
@ -140,8 +143,8 @@
web:COUNT - eth1 eth0 tcp - 443 web:COUNT - eth1 eth0 tcp - 443
DONE web</programlisting> DONE web</programlisting>
<para>Now &#34;shorewall show web&#34; will give you a breakdown of your web <para>Now <quote>shorewall show web</quote> will give you a breakdown of
traffic:</para> your web traffic:</para>
<programlisting> [root@gateway shorewall]# shorewall show web <programlisting> [root@gateway shorewall]# shorewall show web
Shorewall-1.4.6-20030821 Chain web at gateway.shorewall.net - Wed Aug 20 09:48:56 PDT 2003 Shorewall-1.4.6-20030821 Chain web at gateway.shorewall.net - Wed Aug 20 09:48:56 PDT 2003
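Review bot: `shorewall show web` is a command the reader is expected to type, not a quotation, so DocBook's `<command>shorewall show web</command>` would be the better markup than `<quote>shorewall show web</quote>`; `<quote>` renders as quotation marks, while `<command>` identifies the text as a command name and is styled accordingly. The same applies to the `<quote>shorewall show accounting</quote>` conversion earlier in the file.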
@ -168,8 +171,8 @@
COUNT web eth0 eth1 COUNT web eth0 eth1
COUNT web eth1 eth0</programlisting> COUNT web eth1 eth0</programlisting>
<para>Now &#34;shorewall show web&#34; simply gives you a breakdown by input <para>Now <quote>shorewall show web</quote> simply gives you a breakdown by
and output:</para> input and output:</para>
<programlisting> [root@gateway shorewall]# shorewall show accounting web <programlisting> [root@gateway shorewall]# shorewall show accounting web
Shorewall-1.4.6-20030821 Chains accounting web at gateway.shorewall.net - Wed Aug 20 10:27:21 PDT 2003 Shorewall-1.4.6-20030821 Chains accounting web at gateway.shorewall.net - Wed Aug 20 10:27:21 PDT 2003
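Review bot: The prose and the listing disagree on which command is being run: the paragraph now says `<quote>shorewall show web</quote>`, but the programlisting that follows shows `shorewall show accounting web` and its header reads "Chains accounting web". Either change the prose to "shorewall show accounting web" or trim the listing to the output of `shorewall show web`, so the reader sees the command that produced the output.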