[nzlug] Firewall ruleset check...(ip accounting)

Peter webwiz at pl.net
Thu May 15 13:26:22 NZST 2008


> Hmm, who says that they don't? Stonewall certainly does and I used it 
> when I wrote this:
> 
> http://www.cliffp.com/ipaccounting/index.html

Pity I didn't find that during my research period. Anyway, we have approached IP accounting the same way, and produced much the same Perl. In my case the accounting rules for the subnet are added and removed on demand after the rules are up (captive portal). However, having taken a closer look at Shorewall, I see no obvious reason why Shorewall could not establish the firewall, and have the Perl scripts maintain the accounting chains afterwards.

My hesitation is that when you muddle with several parts of a system, it's good to be able to maintain an understanding of how the parts relate. For me, I guess it boils down to how long it takes me to understand the new package. Depending on how well that package is documented, the rule quickly becomes - if the time it takes to learn the package exceeds the time required to avoid the package, then the latter approach tends to prevail. Rightly or wrongly from a technical POV. IME avoiding the package often has been the more flexible approach, and whose learning will leverage future learning.

Anyway, if I promise to trial Shorewall with my captive portal software, will you look at my ruleset?!

Regards

Peter Scott










