[Flow-tools] Re: flow-capture filter

Joe Loiacono jloiacon at csc.com
Mon Jan 21 08:03:34 EST 2008


flow-tools-bounces at list.splintered.net wrote on 01/21/2008 05:31:07 AM:

> Hi Everybody,
> 
> Sorry if the question is repeated but really I need help, thanks.
> 
> Problem is that I want to filter traffic from and to some host.
> 
> The filter configuration is looking like:
> 
> cat /etc/flow-tools/cfg/filter.cfg
> 
> filter-primitive myhost
>   type ip-address
>   deny x.x.x.38
>   default permit
> 
> filter-definition drop_myhost
>    match ip-source-address myhost
>    or
>    match ip-destination-address myhost

I think you want an *AND*. The above filter will pass a flow if either 
condition is true. In each of the cases listed below, the second match 
(ip-destination-address) is met successfully. If you AND them, then it 
will permit only those flows where both cases are true - i.e., only those 
flows where x.x.x.38 does not appear as source or destination.

I could be wrong :-)

Joe
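
The OR-versus-AND behaviour discussed in this message, as an added example that is not part of the original post or of flow-tools itself. It models the posted primitive and definition in Python, assuming matches within one group are ANDed and `or` separates groups; 192.0.2.38 is a constructed stand-in for x.x.x.38, and the flows are constructed sample data.

```python
# Added example: models the filter from the thread, not flow-tools code.
# Addresses are constructed (documentation ranges); 192.0.2.38 stands in
# for the elided x.x.x.38.
HOST = "192.0.2.38"

def primitive_myhost(addr):
    """filter-primitive myhost: 'deny <host>' followed by 'default permit'."""
    return addr != HOST

def evaluate(definition, flow):
    """definition is a list of OR-groups; each group lists the flow fields
    whose matches are ANDed. Returns True when the flow passes the filter."""
    return any(all(primitive_myhost(flow[field]) for field in group)
               for group in definition)

# The posted definition: match source, 'or', match destination.
DROP_MYHOST_OR = [["src"], ["dst"]]
# The suggested change: both matches in one group, so both must permit.
DROP_MYHOST_AND = [["src", "dst"]]

FLOWS = [  # constructed sample flows
    {"src": "192.0.2.38", "dst": "198.51.100.7"},   # host is the source
    {"src": "198.51.100.7", "dst": "192.0.2.38"},   # host is the destination
    {"src": "198.51.100.7", "dst": "203.0.113.9"},  # host not involved
    {"src": "192.0.2.38", "dst": "192.0.2.38"},     # host on both sides
]

def passed(definition):
    """Pass/drop verdict for every sample flow under the given definition."""
    return [evaluate(definition, flow) for flow in FLOWS]

if __name__ == "__main__":
    for name, definition in (("or", DROP_MYHOST_OR), ("and", DROP_MYHOST_AND)):
        for flow, ok in zip(FLOWS, passed(definition)):
            verdict = "pass" if ok else "drop"
            print(f"{name:3} {flow['src']:>13} -> {flow['dst']:<13} {verdict}")
```

With OR, a flow is dropped only when the host is on both sides; with AND, any flow that has the host as source or destination is dropped.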