Use of POST_START_SCRIPT
Thomas Bange
Fri Sep 19 15:22:29 CEST 2003
Hi!
I'm trying to set up fiaif with a custom iptables-script.
I want to build some accounting rules.
I wrote this script:
#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin
echo -n "Creating accounting rules: "
## INPUT
iptables -N ACC_TCP_IN
iptables -A ACC_TCP_IN -j RETURN
iptables -A USER_FORWARD_EXT -p tcp -j ACC_TCP_IN
iptables -N ACC_UDP_IN
iptables -A ACC_UDP_IN -j RETURN
iptables -A USER_FORWARD_EXT -p udp -j ACC_UDP_IN
## OUTPUT
iptables -N ACC_TCP_OUT
iptables -A ACC_TCP_OUT -j RETURN
iptables -A USER_FORWARD_INT -p tcp -j ACC_TCP_OUT
iptables -N ACC_UDP_OUT
iptables -A ACC_UDP_OUT -j RETURN
iptables -A USER_FORWARD_INT -p udp -j ACC_UDP_OUT
echo "Done."
and added a POST_START_SCRIPT rule to fiaif.conf.
The script gets executed, but after starting
(or restarting) fiaif, I cannot find any of the
defined ACC_* rules when listing all rules with
iptables -vnL.
The only rules which are added are these:
Chain FORWARD_EXT (1 references)
pkts bytes target prot opt in out source destination
0 0 USER_FORWARD_EXT all -- * * 0.0.0.0/0 0.0.0.0/0
[...]
Chain FORWARD_INT (3 references)
pkts bytes target prot opt in out source destination
0 0 USER_FORWARD_INT all -- * * 0.0.0.0/0 0.0.0.0/0
[...]
Chain USER_FORWARD_EXT (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0
Chain USER_FORWARD_INT (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0
How do I use the POST_START_SCRIPT to add my own rules and chains?
Btw., does anyone know a good accounting tool which can easily be
used with fiaif and gives detailed reports?
Same for statistics about dropped packets.
Regards,
Tom