clarification regarding netgraph and ipfw
Glenn Dawson
glenn at antimatter.net
Fri Jul 30 00:11:32 PDT 2004
oops
s/ng_netgraph/ng_netflow/g
-Glenn
At 11:59 PM 7/29/2004, Glenn Dawson wrote:
>Greetings,
>
>I have a firewall running -STABLE. I'm using ipfw2 for filtering and
>ng_netgraph (via ng_tee) to export netflow data.
>
>According to the man page for ng_ether, the lower hook gets raw Ethernet
>frames as they come off the wire. Reading the man page for ipfw, it seems
>to say that if I turn on net.link.ether.ipfw in sysctl, it will also
>get things as they come off the wire.
>
>So my question is, which one gets them first?
>
>The reason I ask is that if I have an ipfw rule to block traffic from an
>IP, will it get counted by ng_netgraph? Or will ipfw drop the packet
>before it even gets to ng_ether?
>
>If the packets go through ng_ether first and then through ipfw, does
>anyone know if it's possible to reverse that behavior? I'm doing billing
>based on traffic and don't want the netflow data to include packets that
>were dropped by ipfw.
>
>Thanks in advance for any insight.
>
>-Glenn
>
>_______________________________________________
>freebsd-stable at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"