[flow-tools] Local Traffic filter...

Michael Bellears michael.bellears@staff.datafx.com.au
Thu, 16 May 2002 16:17:05 +1000 

This is what I'm attempting to do:

client.acl:
ip access-list standard foo permit host xxx.xxx.xxx.xxx
ip access-list standard foo deny any

Which is fine for giving me inbound/outbound traffic:

./flow-cat -a /netflow/oar/krc3.v5/2002/2002-04/ | ./flow-filter -f
client.acl -D foo| ./flow-stat -f17 |more

# interface flows                 octets                packets
#
5           28175                 3299889830            5208599

Now, if I have the following:
local.acl
ip access-list standard bar deny host yyy.yyy.yyy.yyy
ip access-list standard bar deny any

What I would like to be able to do:

./flow-cat -a /netflow/oar/krc3.v5/2002/2002-04/ | ./flow-filter -f
client.acl -D foo| ./flow-filter -f local.acl -S bar|./flow-stat -f17 |more

Basically - On the fly filter all destination addresses with client.acl (So
only xxx.xxx.xxx.xxx is allowed) & also filter all source address with
local.acl (So that yyy.yyy.yyy.yyy is denied) - i.e. remove any traffic with
a destination ip of xxx.xxx.xxx.xxx and a source ip of yyy.yyy.yyy.yyy and
give me a total. (Love to be able to do this on a subnet level also: i.e.
remove any traffic with a destination range of xxx.xxx.xxx.xxx/29 and a
source ip of yyy.yyy.yyy.yyy/24)

This doesn't work.

Is it possible to be able to filter destination+source address based on ACL?

Or am I going about this the wrong way?

Thanks in advance for any suggestions.

Regards,
MB


> -----Original Message-----
> From: Michael Bellears [mailto:michael.bellears@staff.datafx.com.au]
> Sent: Wednesday, 16 January 2002 8:20 AM
> To: 'flow-tools@splintered.net'
> Subject: [flow-tools] Local Traffic filter...
> 
> We have a client who has requested that he not be billed for 'local'
> traffic
> - We have multiple class C's and filtering them all seems an
> administrative
> nightmare..
> 
> Just interested to know how others have solved this (Using flow-tools) ?
> 
> Regards,
> Michael
> 
> 
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools