ipfw_netflow: Add support for FIB
If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB. While here correct some value in rc.conf(5) to be int and not str. Sponsored by: Gandi.net
This commit is contained in:
parent
37ec52ca7a
commit
2a4727a472
@ -54,7 +54,7 @@ ipfw_netflow_status()
|
||||
ipfw_netflow_start()
|
||||
{
|
||||
ipfw_netflow_is_running && err 1 "ipfw_netflow is already active"
|
||||
ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any
|
||||
ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}}
|
||||
ngctl -f - <<-EOF
|
||||
mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0
|
||||
name ipfw:${ipfw_netflow_hook} netflow
|
||||
|
@ -602,12 +602,12 @@ By default a ipfw rule is inserted and all packets are duplicated with
|
||||
the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
|
||||
port using protocol version 5.
|
||||
.It Va ipfw_netflow_hook
|
||||
.Pq Vt str
|
||||
.Pq Vt int
|
||||
netflow hook name, must be numerical
|
||||
(default
|
||||
.Pa 9995 ) .
|
||||
.It Va ipfw_netflow_rule
|
||||
.Pq Vt str
|
||||
.Pq Vt int
|
||||
ipfw rule number
|
||||
(default
|
||||
.Pa 1000 ) .
|
||||
@ -617,13 +617,18 @@ Destination server ip for receiving netflow data
|
||||
(default
|
||||
.Pa 127.0.0.1 ) .
|
||||
.It Va ipfw_netflow_port
|
||||
.Pq Vt str
|
||||
.Pq Vt int
|
||||
Destination server port for receiving netflow data
|
||||
(default
|
||||
.Pa 9995 ) .
|
||||
.It Va ipfw_netflow_version
|
||||
.Pq Vt str
|
||||
.Pq Vt int
|
||||
Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
|
||||
.It Va ipfw_netflow_fib
|
||||
.Pq Vt int
|
||||
Only match packet in FIB
|
||||
.Pa ipfw_netflow_fib
|
||||
(default is undefined meaning all FIBs).
|
||||
.It Va natd_program
|
||||
.Pq Vt str
|
||||
Path to
|
||||
|
Loading…
Reference in New Issue
Block a user