Beta 2 is now available for testing.
New Features since Beta 1:
1) Beginning with the 3.3 kernels, Netfilter supports a form of
accounting (nfacct) that is triggered by iptables rules but that
survives purging and/or reloading the Netfilter ruleset. Shorewall
support for this form of accounting was added in this release.
As of this writing, Fedora 17 has partial support for this feature
but not all. It is necessary to download and build the following:
The following Fedora packages are also required:
- libnetlink and libnetlink-dev
- libmnl and libmnl-dev
The tarballs are available from the Netfilter download sites.
The nfacct utility can create, delete and display nfacct
objects. These named objects consist of a packet and a byte
counter. Packets matching those netfilter rules that use the nfacct
match cause the packet and byte count in the object named in the
match to be incremented.
To use nfaccnt with Shorewall, use the NFACCT target. See
shorewall-accounting(5) for details.
The 'shorewall show nfacct' command is a thin wrapper around the
nfacct list command and displays all objects.
Thank you for testing,
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car