Use of POST_START_SCRIPT

Thomas Bange
Fri Sep 19 15:22:29 CEST 2003


Hi!

I'm trying to set up fiaif with a custom iptables-script.
I want to build some accounting rules.

I wrote this script:

#!/bin/sh

PATH=/bin:/sbin:/usr/bin:/usr/sbin

echo -n "Creating accounting rules: "

## INPUT

iptables -N ACC_TCP_IN
iptables -A ACC_TCP_IN -j RETURN
iptables -A USER_FORWARD_EXT -p tcp -j ACC_TCP_IN

iptables -N ACC_UDP_IN
iptables -A ACC_UDP_IN -j RETURN
iptables -A USER_FORWARD_EXT -p udp -j ACC_UDP_IN

## OUTPUT

iptables -N ACC_TCP_OUT
iptables -A ACC_TCP_OUT -j RETURN
iptables -A USER_FORWARD_INT -p tcp -j ACC_TCP_OUT

iptables -N ACC_UDP_OUT
iptables -A ACC_UDP_OUT -j RETURN
iptables -A USER_FORWARD_INT -p udp -j ACC_UDP_OUT

echo "Done."

and added a POST_START_SCRIPT rule to fiaif.conf.
The script gets executed, but after starting
(or restarting) fiaif, I cannot find any of the
defined ACC_* rules when listing all rules with
iptables -vnL.

The only rules which are added are these:

Chain FORWARD_EXT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 USER_FORWARD_EXT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

[...]

Chain FORWARD_INT (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 USER_FORWARD_INT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

[...]

Chain USER_FORWARD_EXT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain USER_FORWARD_INT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0

How do I use the POST_START_SCRIPT to add my own rules and chains?

Btw., does anyone know a good accounting tool which can easily be
used with fiaif and gives detailed reports?
Same for statistics about dropped packets.

Regards,
Tom
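
Added example, not part of the original post and not fiaif code: a small check that reads an `iptables -vnL` listing and reports which of the ACC_* chains from the script above are missing, and which rules in a USER_FORWARD_* chain do not jump to an accounting chain. The function names are hypothetical, and the sample input is the listing from the post with its wrapped lines rejoined.

```shell
#!/bin/sh
# Accounting chains the posted script is meant to create.
EXPECTED_CHAINS="ACC_TCP_IN ACC_UDP_IN ACC_TCP_OUT ACC_UDP_OUT"

# Sample input: part of the listing from the post, wrapped lines rejoined.
sample_listing() {
    cat <<'EOF'
Chain FORWARD_EXT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 USER_FORWARD_EXT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain USER_FORWARD_EXT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Print "chain target prot pkts bytes" for each rule in a listing on stdin.
list_rules() {
    awk '$1 == "Chain" { chain = $2; next }
         $1 == "pkts" || NF == 0 { next }
         { print chain, $3, $4, $1, $2 }'
}

# Print every expected chain that has no "Chain <name>" header on stdin.
missing_chains() {
    listing=$(cat)
    for c in $EXPECTED_CHAINS; do
        printf '%s\n' "$listing" | grep -q "^Chain $c " || echo "$c"
    done
}

# Print the rules of chain $1 whose target is not an ACC_* chain, i.e. the
# rules that will not feed any accounting counter.
non_accounting_rules() {
    list_rules | awk -v chain="$1" '$1 == chain && $2 !~ /^ACC_/'
}

# Demo on the sample listing.
echo "Missing accounting chains:"
sample_listing | missing_chains
echo "Rules in USER_FORWARD_EXT that bypass accounting:"
sample_listing | non_accounting_rules USER_FORWARD_EXT
```

On a live firewall, pipe `iptables -vnL` into the same functions instead of `sample_listing`.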