Svenne Krap svenne at krap.dk
Thu Aug 11 17:49:40 CEST 2005


I am currently working on a not-so-simple firewall setup on a modern 
machine (Xeon, gigs of memory, SCSI subsystem).

As part of it, I would like to know various "event" statistics. Questions 
I would like to answer are "How many hits on port 1433 have I got, and 
how is that distributed amongst the machines?" Think pivot table data.

Is there some way to get netfilter to collect rule hits (like with no -j 
clause) for each port/IP address individually within a range? 
Other than creating thousands of lines of rules and adding them to my 
"firewall-startup" script (which is currently slightly less than 80 rules).

I have thought of just logging all traffic and running it through a 
userspace program via syslog-ng, but frankly I worry about performance 
(the firewall should be able to filter at least the 100 Mbps connection 
it currently sits on) under flooding.

Your thoughts are appreciated :)
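The "rules with no -j clause" counting the post asks about, shown end to end as an added example (this is not part of the original post and not netfilter's own tooling): a dedicated chain of match-only rules, each of which bumps its own pkts/bytes counters and lets the packet fall through, read back with `iptables -nvxL` (the `-x` gives exact counts, and adding `-Z` lists and zeroes the chain atomically, which is what an interval-based collector wants). The chain name COUNT, the addresses and ports, and the sample `iptables -nvxL` output below are all constructed for illustration. The counters are kept by the kernel, so reading them every few minutes costs nothing per packet, unlike the per-packet syslog path the post worries about; the price is the rule count, since a port-by-host pivot needs one match-only rule per (host, port) pair, which is exactly the multiplication the post wants to avoid. The example therefore shows the mechanics and a parser for the counter output; it does not remove that scaling cost.

```python
"""Per-port / per-source hit counting with netfilter rule counters.

Added example, not from the original post. Chain name COUNT, the address
ranges, ports and SAMPLE output are hypothetical/constructed.
"""
import re
import subprocess
from collections import defaultdict
from ipaddress import ip_network
from typing import List, NamedTuple, Optional

CHAIN = "COUNT"  # hypothetical chain name
# Protocol tokens that can appear in the 'prot' column of iptables -nvL output.
PROTOS = {"tcp", "udp", "udplite", "icmp", "esp", "ah", "sctp", "all"}


class Hit(NamedTuple):
    pkts: int
    bytes: int
    target: Optional[str]   # None for a match-only (counting) rule
    prot: str
    src: str
    dst: str
    dport: Optional[int]    # from "dpt:N" in the rule's match text


def counting_rules(ports, networks, chain=CHAIN, proto="tcp") -> List[str]:
    """iptables commands building a chain of match-only counting rules.

    One rule per (source host, destination port); no -j, so each rule only
    counts and the packet continues down the chain. Rule count is
    hosts * ports, so keep the ranges small.
    """
    cmds = [f"iptables -N {chain}", f"iptables -F {chain}"]
    for net in networks:
        for host in ip_network(net).hosts():
            for port in ports:
                cmds.append(f"iptables -A {chain} -p {proto} -s {host} --dport {port}")
    return cmds


def parse_counters(text: str) -> List[Hit]:
    """Parse `iptables -nvxL <chain>` output into Hit rows.

    Columns: pkts bytes [target] prot opt in out source destination [matches].
    The target column is empty for match-only rules, so the line is split on
    whitespace and the optional target is recognised by not being a protocol.
    """
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 8 or not (tok[0].isdigit() and tok[1].isdigit()):
            continue  # 'Chain ...' header, column header or blank line
        pkts, nbytes, rest = int(tok[0]), int(tok[1]), tok[2:]
        target = None
        if rest[0] not in PROTOS and not rest[0].isdigit():
            target, rest = rest[0], rest[1:]
        prot, _opt, _in, _out, src, dst = rest[:6]
        m = re.search(r"\bdpt:(\d+)", line)
        rows.append(Hit(pkts, nbytes, target, prot, src, dst,
                        int(m.group(1)) if m else None))
    return rows


def read_counters(chain=CHAIN, zero=False) -> List[Hit]:
    """Run iptables (needs root) and parse its output; -Z lists and zeroes atomically."""
    cmd = ["iptables", "-nvxL", chain] + (["-Z"] if zero else [])
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return parse_counters(out)


def pivot(rows, field="pkts"):
    """{dport: {src: count}} over the match-only rules, i.e. the pivot the post asks for."""
    table = defaultdict(lambda: defaultdict(int))
    for r in rows:
        if r.target is None and r.dport is not None:
            table[r.dport][r.src] += getattr(r, field)
    return {port: dict(srcs) for port, srcs in table.items()}


def per_port(rows, field="pkts"):
    """Total hits per destination port across all sources."""
    return {port: sum(srcs.values()) for port, srcs in pivot(rows, field).items()}


# Constructed sample of `iptables -nvxL COUNT` output (not captured from a real host).
SAMPLE = """\
Chain COUNT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      42     2520            tcp  --  *      *       10.0.0.5             0.0.0.0/0            tcp dpt:1433
       7      420            tcp  --  *      *       10.0.0.6             0.0.0.0/0            tcp dpt:1433
       0        0            tcp  --  *      *       10.0.0.5             0.0.0.0/0            tcp dpt:3306
      13      780            tcp  --  *      *       10.0.0.6             0.0.0.0/0            tcp dpt:3306
       3      180 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1433 LOG flags 0 level 4
"""

if __name__ == "__main__":
    for cmd in counting_rules([1433, 3306], ["10.0.0.4/30"]):
        print(cmd)
    for port, srcs in sorted(pivot(parse_counters(SAMPLE)).items()):
        print(port, dict(sorted(srcs.items())))
```

Run `read_counters(zero=True)` from cron or a small daemon to get interval counts; the `LOG` row in the sample shows that rules with a target are parsed but kept out of the pivot, since only the match-only rules are the installed counters.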

