[flow-tools] Local Traffic filter...

Mark Fullmer maf@splintered.net
Fri, 17 May 2002 00:00:00 -0400 

What you're doing should work.  You can save a data copy by using 
-S and -D at the same time, ie

flow.acl: 
 ip access-list standard foo permit 10.0.0.0 0.255.255.255
 ip access-list standard bar permit 128.146.0.0 0.0.255.255

flow-cat <data> | flow-filter -f flow.acl -Sfoo -Dbar | flow-stat -f17

Subnets can be matched by using Cisco's don't care bit ACL syntax.  The
above would permit traffic from 10/8 to 128.146/16.

flow-tag with flow-stat may be a better solution for customer billing.
Some pieces are still missing, ie the ability for flow-filter to filter
on tags but that should be in 0.58.

mark

On Thu, May 16, 2002 at 04:59:48PM +1000, Michael Bellears wrote:
> Ahh Yes! - That will teach me to copy+paste!
> 
> I still get zero output though:
> 
> ./flow-cat -a /netflow/oar/krc3.v5/2002/2002-04/2002-04-30 | ./flow-filter
> -f client.acl -D foo|./flow-filter -f local.acl -S bar|./flow-stat -f17
> |more
> #  --- ---- ---- Report Information --- --- ---
> #
> # Fields:    Total
> # Symbols:   Disabled
> # Sorting:   None
> # Name:      Input interface
> #
> # Args:      ./flow-stat -f17 
> #
> #
> # interface flows                 octets                packets
> #
> vagabond:~/flow-tools-0.57/src#
> 
> Regards,
> MB
> 
> > -----Original Message-----
> > From: Cougar [mailto:cougar@random.ee]
> > Sent: Thursday, 16 May 2002 4:46 PM
> > To: Michael Bellears
> > Cc: 'flow-tools@splintered.net'
> > Subject: RE: [flow-tools] Local Traffic filter...
> > 
> > 
> > On Thu, 16 May 2002, Michael Bellears wrote:
> > 
> > > Now, if I have the following:
> > > local.acl
> > > ip access-list standard bar deny host yyy.yyy.yyy.yyy
> > > ip access-list standard bar deny any
> > 
> > Are you sure it should be "deny any" instead of "permit any" ? ;-)
> > 
> > ---
> > Cougar
> > 
> > 
> > _______________________________________________
> > flow-tools@splintered.net
> > http://www.splintered.net/sw/flow-tools
> 
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools