[flow-tools] Flow Filters
Horatio B. Bogbindero
wyu@ateneo.edu
Tue, 18 Jun 2002 13:15:04 +0800
--2oS5YaxWCcQjTEyO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Jun 17, 2002 at 05:04:51PM -0700, Saro Hayan wrote (wyy sez):
>
> I am trying to filters flows based on IP address.
>=20
> I am trying something very simple:
>=20
> flow-receive 0/0/9999 | flow-filter -f /var/ft/cfg/foo-acl -Smynet
>=20
> foo-acl contains the following:
>=20
> /var/ft/cfg#more foo-acl
> !
> ! permit my net
> !
> ip access-list standard mynet permit 10.10.10.0 0.0.0.255
> ip access-list standard mynet permit 20.20.20.0 0.0.0.255
> ip access-list standard mynet permit 172.16.0.0 0.0.255.255
> ip access-list standard mynet deny any
>=20
> It seems to be filtering everything as I don't get any flows.
>=20
did you check whether you have data from flow-receive? why not save
the output first to a flow file. use flow-capture to get a snapshot
for testing. it maybe that you what to filter by destination address
instead of source?
=20
-------------------------------------------
William Emmanuel S. Yu
Ateneo Campus Network Group (AteneoCNG)
email : wyy at admu dot edu dot ph
web : http://CNG.ateneo.net/wyu/
phone : +63(2)4266001-4186
GPG : http://CNG.ateneo.net/wyu/wyy.pgp
=20
War spares not the brave, but the cowardly.
-- Anacreon
=20
--2oS5YaxWCcQjTEyO
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9DsHXOgIOlr0CsAERArQQAKCFgZSfswI9H7t/ni3vK9TKYZe39gCgifOu
Q+TQrNWFiodTnIxDX9hxi98=
=a/cX
-----END PGP SIGNATURE-----
--2oS5YaxWCcQjTEyO--