#1
Admin
I wrote a firewall and traffic accounting in bash.
Code:
```sh
#!/bin/sh

SYSCTL="/sbin/sysctl -w"

IPT="/sbin/iptables"
IPTS="/sbin/iptables-save"
IPTR="/sbin/iptables-restore"

# Internet Interface
INET_IFACE="eth0"
INET_ADDRESS="192.168.10.100"

# Local Interface Information
LOCAL_IFACE="eth1"
LOCAL_IP="192.168.30.1"
LOCAL_NET="192.168.30.0/24"
LOCAL_BCAST="192.168.30.255"

# Localhost Interface
LO_IFACE="lo"
LO_IP="127.0.0.1"

if [ "$1" = "save" ]
then
    echo -n "Saving firewall to /etc/sysconfig/iptables ... "
    $IPTS > /etc/sysconfig/iptables
    echo "done"
    exit 0
elif [ "$1" = "restore" ]
then
    echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
    $IPTR < /etc/sysconfig/iptables
    echo "done"
    exit 0
fi

if [ "$1" = "stop" ]
then
    echo "Firewall completely flushed! Now running with no firewall."
    exit 0
fi

#=========================================
if [ "$1" = "start" ]
then
    echo "Loading kernel modules ..."

    # /sbin/depmod -a

    # core netfilter module
    /sbin/modprobe ip_tables

    # the stateful connection tracking module
    /sbin/modprobe ip_conntrack

    # filter table module
    # /sbin/modprobe iptable_filter

    # mangle table module
    # /sbin/modprobe iptable_mangle

    # nat table module
    # /sbin/modprobe iptable_nat

    # LOG target module
    # /sbin/modprobe ipt_LOG

    # This is used to limit the number of packets per sec/min/hr
    # /sbin/modprobe ipt_limit

    # masquerade target module
    # /sbin/modprobe ipt_MASQUERADE

    # filter using owner as part of the match
    # /sbin/modprobe ipt_owner

    # REJECT target drops the packet and returns an ICMP response.
    # The response is configurable. By default, connection refused.
    # /sbin/modprobe ipt_REJECT

    # This target allows packets to be marked in the mangle table
    # /sbin/modprobe ipt_mark

    # This target affects the TCP MSS
    # /sbin/modprobe ipt_tcpmss

    # This match allows multiple ports instead of a single port or range
    # /sbin/modprobe multiport

    # This match checks against the TCP flags
    # /sbin/modprobe ipt_state

    # This match catches packets with invalid flags
    # /sbin/modprobe ipt_unclean

    # The ftp nat module is required for non-PASV ftp support
    /sbin/modprobe ip_nat_ftp

    # the module for full ftp connection tracking
    /sbin/modprobe ip_conntrack_ftp

    # the module for full irc connection tracking
    /sbin/modprobe ip_conntrack_irc

    # Required to enable IPv4 forwarding.
    # Redhat users can try setting FORWARD_IPV4 in /etc/sysconfig/network to true
    # Alternatively, it can be set in /etc/sysctl.conf
    if [ "$SYSCTL" = "" ]
    then
        echo "1" > /proc/sys/net/ipv4/ip_forward
        echo "1" > /proc/sys/net/ipv4/tcp_syncookies
        echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
        echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
        echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
        echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
        echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
    else
        $SYSCTL net.ipv4.ip_forward="1"
        $SYSCTL net.ipv4.tcp_syncookies="1"
        $SYSCTL net.ipv4.conf.all.rp_filter="1"
        $SYSCTL net.ipv4.icmp_echo_ignore_broadcasts="1"
        $SYSCTL net.ipv4.conf.all.accept_source_route="0"
        $SYSCTL net.ipv4.conf.all.secure_redirects="1"
        $SYSCTL net.ipv4.conf.all.log_martians="1"
    fi

    echo "Flushing Tables ..."

    # Reset Default Policies
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -t nat -P PREROUTING ACCEPT
    $IPT -t nat -P POSTROUTING ACCEPT
    $IPT -t nat -P OUTPUT ACCEPT
    $IPT -t mangle -P PREROUTING ACCEPT
    $IPT -t mangle -P OUTPUT ACCEPT

    # Flush all rules
    $IPT -F
    $IPT -t nat -F
    $IPT -t mangle -F

    # Erase all non-default chains
    $IPT -X
    $IPT -t nat -X
    $IPT -t mangle -X

    # Set Policies
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    echo "Create and populate custom rule chains ..."

    $IPT -N bad_packets
    $IPT -N bad_tcp_packets
    $IPT -N icmp_packets
    $IPT -N udp_inbound
    $IPT -N udp_outbound
    $IPT -N tcp_inbound
    $IPT -N tcp_outbound

    $IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j LOG --log-prefix "fp=bad_packets:2 a=DROP "
    $IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP
    $IPT -A bad_packets -p ALL -m state --state INVALID -j LOG --log-prefix "fp=bad_packets:1 a=DROP "
    $IPT -A bad_packets -p ALL -m state --state INVALID -j DROP
    $IPT -A bad_packets -p tcp -j bad_tcp_packets
    $IPT -A bad_packets -p ALL -j RETURN

    $IPT -A bad_tcp_packets -p tcp -i $LOCAL_IFACE -j RETURN
    $IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "fp=bad_tcp_packets:1 a=DROP "
    $IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
    $IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "fp=bad_tcp_packets:2 a=DROP "
    $IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
    $IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "fp=bad_tcp_packets:3 a=DROP "
    $IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP
    $IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix "fp=bad_tcp_packets:4 a=DROP "
    $IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
    $IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "fp=bad_tcp_packets:5 a=DROP "
    $IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
    $IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "fp=bad_tcp_packets:6 a=DROP "
    $IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    $IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "fp=bad_tcp_packets:7 a=DROP "
    $IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $IPT -A bad_tcp_packets -p tcp -j RETURN

    $IPT -A icmp_packets --fragment -p ICMP -j LOG --log-prefix "fp=icmp_packets:1 a=DROP "
    $IPT -A icmp_packets --fragment -p ICMP -j DROP
    # $IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j LOG --log-prefix "fp=icmp_packets:2 a=ACCEPT "
    # $IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
    $IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP
    $IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
    $IPT -A icmp_packets -p ICMP -j RETURN

    $IPT -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP
    $IPT -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP
    $IPT -A udp_inbound -p UDP -s 0/0 --destination-port 113 -j REJECT
    # $IPT -A udp_inbound -p UDP -s 0/0 --destination-port 113 -j ACCEPT
    $IPT -A udp_inbound -p UDP -j RETURN

    $IPT -A udp_outbound -p UDP -s 0/0 -j ACCEPT

    $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 113 -j REJECT
    # $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 113 -j ACCEPT
    # HTTP
    $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 80 -j ACCEPT
    # Email Server (SMTP)
    $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 25 -j ACCEPT
    # Email Server (POP3)
    $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 110 -j ACCEPT
    # Email Server (IMAP4)
    $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 143 -j ACCEPT
    # SSL Email Server (POP3)
    $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 995 -j ACCEPT
    # SSL Email Server (IMAP4)
    $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 993 -j ACCEPT
    # sshd
    $IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 22 -j ACCEPT
    $IPT -A tcp_inbound -p TCP -j RETURN

    $IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT

    echo "Process INPUT chain ..."

    $IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
    $IPT -A INPUT -p ALL -j bad_packets

    # The rule to accept the packets.
    # $IPT -A INPUT -p ALL -d 224.0.0.1 -j ACCEPT

    # Rules for the private network (accessing gateway system itself)
    $IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
    $IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
    $IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Route the rest to the appropriate user chain
    $IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound
    $IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound
    $IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
    $IPT -A INPUT -m pkttype --pkt-type broadcast -j DROP
    $IPT -A INPUT -j LOG --log-prefix "fp=INPUT:99 a=DROP "

    echo "Process FORWARD chain ..."

    # Drop bad packets
    $IPT -A FORWARD -p ALL -j bad_packets
    # Accept TCP packets we want to forward from internal sources
    $IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound
    # Accept UDP packets we want to forward from internal sources
    $IPT -A FORWARD -p udp -i $LOCAL_IFACE -j udp_outbound
    # If not blocked, accept any other packets from the internal interface
    $IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
    # Deal with responses from the internet
    $IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Log packets that still don't match
    $IPT -A FORWARD -j LOG --log-prefix "fp=FORWARD:99 a=DROP "

    echo "Process OUTPUT chain ..."

    # However, invalid icmp packets need to be dropped
    # to prevent a possible exploit.
    $IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
    # Localhost
    $IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
    $IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
    # To internal network
    $IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
    $IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
    # To internet
    $IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
    # Log packets that still don't match
    $IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "

    echo "Load rules for nat table ..."

    # This is a sample that will exempt a specific host from the transparent proxy
    #$IPT -t nat -A PREROUTING -p tcp -s 192.168.1.50 --destination-port 80 \
    #     -j RETURN
    #$IPT -t nat -A PREROUTING -p tcp -s 192.168.1.50 --destination-port 443 \
    #     -j RETURN

    # Redirect HTTP for a transparent proxy
    #$IPT -t nat -A PREROUTING -p tcp --destination-port 80 \
    #     -j REDIRECT --to-ports 3128

    # Redirect HTTPS for a transparent proxy - commented by default
    # $IPT -t nat -A PREROUTING -p tcp --destination-port 443 \
    #     -j REDIRECT --to-ports 3128

    ###############################################################################
    #
    # POSTROUTING chain
    #
    $IPT -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_ADDRESS

    echo "Load rules for mangle table ..."
fi

#===========================
if [ "$1" = "restart" ]
then
    date1=`date '+%F'`
    date2=`date '+%X'`

    # Dump the per-client byte counters (destination address, bytes) to a file
    $IPT -t mangle -nxvL POSTROUTING | awk '/ACCEPT.*eth1/ {print $9,$2}' > /etc/aatraff/traffic.txt

    # Store one row per client in the traffic database
    cat /etc/aatraff/traffic.txt | while read line; do
        var1=`echo "$line" | awk '{print $1}'`
        var2=`echo "$line" | awk '{print $2}'`
        MYSQL_RESULT=`mysql -D traffic -u root --password=xxxxxxxx -e "INSERT INTO kun VALUES('$var1','$var2','$date1','$date2')"`
    done

    # Flushing the mangle table also resets the counters
    $IPT -t mangle -F
    $IPT -t nat -F
    $IPT -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_ADDRESS

    # Rebuild the per-client rules from clients.txt: address, target, squid flag
    cat /etc/aatraff/clients.txt | while read line; do
        var1=`echo "$line" | awk '{print $1}'`
        var2=`echo "$line" | awk '{print $2}'`
        var3=`echo "$line" | awk '/ACCEPT.*squid/ {print $1}'`
        $IPT -t mangle -A PREROUTING -i eth0 -s "$var1" -d 192.168.30.0/24 -j "$var2"
        $IPT -t mangle -A POSTROUTING -o eth1 -d "$var1" -s 192.168.30.0/24 -j "$var2"
        # Only ACCEPT clients marked "squid" go through the transparent proxy
        if [ -n "$var3" ]
        then
            $IPT -t nat -A PREROUTING -p tcp -s "$var3" --destination-port 80 -j REDIRECT --to-ports 3128
        fi
    done
fi
#===============================
```

/etc/aatraff/clients.txt looks like this:

```
192.168.30.2 ACCEPT squid
192.168.30.3 ACCEPT squid
192.168.30.4 ACCEPT squid
192.168.30.5 DROP squid
192.168.30.6 DROP no
192.168.30.7 DROP no
... (192.168.30.8 to 192.168.30.254, each "DROP no")
192.168.30.255 DROP no
```

/etc/aatraff/traffic.txt:

```
192.168.30.2 10389
192.168.30.3 345
192.168.30.4 0
```

I look forward to your comments and suggestions.

Last edited by Timur Bazikalov; 21.04.2008 at 14:02.

#3
You should go to http://opennet.ru/
__________________
Light gives birth to shadows ...

#4
Off-topic: Bad suggestion. There is a [Code] tag for code. Besides formatting the code properly and not increasing the length of the post, it also keeps character sequences like ":)" from turning into smileys.
__________________
I am for proper text formatting on the forum.

#5
Quote:

#6
ИП Уздунробита
specialist
The statistics are cumulative, with a forced reset on restart.

Power loss is not accounted for: in that case all statistics from boot until the moment power is lost are gone. If the admin shuts the machine down without running restart for the script, the statistics are lost as well.

Most often this is worked around as follows: the reset is done at some time interval (say, 5 minutes) from cron. Incremental statistics are used for this: not iptables -nvxL chain, but iptables -nvxZ -L chain. (The -Z flag zeroes the counters right after they are read.) In that case it is easier to compute the statistics for a day from the database (you simply sum the traffic fields within the given time range).

P.S. I didn't look closely at the firewall rules themselves. If needed, I can analyze them in the evening.
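The cron-driven scheme from post #6, as an added example (not code from any poster in the thread): it turns a zero-on-read counter listing into per-interval rows, refuses malformed fields before they reach SQL text, and builds the daily SUM query. The sample listing is constructed, and the `kun` column names and the 5-minute cron wiring are assumptions.

```shell
#!/bin/sh
# Added example (not the thread's script). Constructed sample of what
#   iptables -t mangle -nvx -L POSTROUTING -Z
# prints: with -Z, the byte counts cover only the time since the previous run.
SAMPLE_COUNTERS='Chain POSTROUTING (policy ACCEPT 120 packets, 20480 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      14    10389 ACCEPT     all  --  *      eth1    192.168.30.0/24      192.168.30.2
       3      345 ACCEPT     all  --  *      eth1    192.168.30.0/24      192.168.30.3
       0        0 ACCEPT     all  --  *      eth1    192.168.30.0/24      192.168.30.4
       9     4096 DROP       all  --  *      eth1    192.168.30.0/24      192.168.30.5'

# stdin: iptables -nvx listing; $1: outgoing interface.
# stdout: "ip bytes" for each ACCEPT rule that saw traffic in this interval.
# Only a dotted-quad destination and an all-digit byte count pass the filter.
interval_deltas() {
    awk -v ifc="$1" '
        $3 == "ACCEPT" && $7 == ifc && $2 ~ /^[0-9]+$/ && $2 > 0 &&
        $9 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $9, $2 }'
}

# stdin: "ip bytes" lines; $1: date (YYYY-MM-DD); $2: time (HH:MM:SS).
# stdout: one INSERT per line, in the positional layout the thread's script
# uses for table kun (ip, bytes, date, time). Malformed stamps are refused.
inserts_sql() {
    case $1 in [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;; *) return 1 ;; esac
    case $2 in [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;; *) return 1 ;; esac
    while read -r ip bytes; do
        printf "INSERT INTO kun VALUES('%s','%s','%s','%s');\n" "$ip" "$bytes" "$1" "$2"
    done
}

# Per-client total for one day: the "sum the traffic field within a time
# range" step. Column names ip, bytes, day are assumed; the thread never
# shows the schema of kun.
daily_sum_sql() {
    case $1 in [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;; *) return 1 ;; esac
    printf "SELECT ip, SUM(bytes) FROM kun WHERE day = '%s' GROUP BY ip;\n" "$1"
}

# Live use from cron every 5 minutes would replace the sample with the real
# listing (root required), e.g.:
#   iptables -t mangle -nvx -L POSTROUTING -Z | interval_deltas eth1 \
#       | inserts_sql "$(date +%F)" "$(date +%T)"
printf '%s\n' "$SAMPLE_COUNTERS" | interval_deltas eth1 | inserts_sql 2008-04-21 14:05:00
daily_sum_sql 2008-04-21
```

Because `-Z` has already reset the counters by the time the INSERTs run, writing the statements to a spool file before handing them to mysql keeps an interval from being lost when the database is down.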