On Tue, Apr 17, 2001 at 12:29:30PM +0200, Olaf Titz wrote:
> > Umm, no. Counters can be resetable - you just specify that accounting
> > programs should not reset them, ever.
> >
> > The ability to reset counters is extremely useful if you're a human
> > looking at the output of iptables -L -v. (I thus far know of no one
> > who can memorise the counter values for around 40 rules).
>
> You'll get bogus accounting results unless you stop/restart the
> accounting programs every time you manually deal with the counters.
> This sounds dangerously easy to make mistakes to me.
mmh. But isn't that obvious? Every time you mess with anything (counters
or rules) of the chains/tables, your accounting program will get into
trouble, if it relies on those counters.
I don't think that it makes sense to do iptables-based accounting if you have
changes to the ruleset (counters and/or rules) at runtime. You'd have
to be very cautious what you are doing.
> Olaf
-- Live long and prosper - Harald Welte / laforge@gnumonks.org http://www.gnumonks.org ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Apr 23 2001 - 21:00:37 EST