Date: Fri, 30 Jul 2004 00:10:48 -0700
From: Glenn Dawson <glenn@antimatter.net>
To: stable@freebsd.org
Subject: Re: clarification regarding netgraph and ipfw
Message-ID: <6.1.0.6.2.20040730000958.049ff320@cobalt.antimatter.net>
In-Reply-To: <6.1.0.6.2.20040729234631.04717bc8@cobalt.antimatter.net>
References: <6.1.0.6.2.20040729234631.04717bc8@cobalt.antimatter.net>

oops

s/ng_netgraph/ng_netflow/g

-Glenn

At 11:59 PM 7/29/2004, Glenn Dawson wrote:
>Greetings,
>
>I have a firewall running -STABLE. I'm using ipfw2 for filtering and
>ng_netgraph (via ng_tee) to export netflow data.
>
>According to the man page for ng_ether, the lower hook gets raw ethernet
>frames as they come off the wire. Reading the man page for ipfw it seems
>to say that if I turn on net.link.ether.ipfw in sysctl that it will also
>get things as they come off the wire.
>
>So my question is, which one gets them first?
>
>The reason I ask is that if I have an ipfw rule to block traffic from an
>IP, will it get counted by ng_netgraph? Or will ipfw drop the packet
>before it even gets to ng_ether?
>
>If the packets go through ng_ether first and then through ipfw, does
>anyone know if it's possible to reverse that behavior? I'm doing billing
>based on traffic and don't want the netflow data to include packets that
>were dropped by ipfw.
>
>Thanks in advance for any insight.
>
>-Glenn
>
>_______________________________________________
>freebsd-stable@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"