Re: strange upd traffic (ipchains newbie)
Thanks, Leen, Alexander and Tim for your answers.
I found the solution. I produced the traffic myself.
I did "ipchains -v -L" every second in a script to see what happens
on my network. I am interested in the amount of traffic, at the moment.
But ipchains itself displays IP addresses with names, not numbers,
so I had several DNS queries every second!
Now I do "watch -n 1 -d 'echo started at: $DATE_START; ipchains -vn -L'"
(-n!) and it works fine.
Alexander, you said I shouldn't use "-j ACCEPT", but I want
to split the traffic in three categories:
from 127.*, from company addresses and from the rest.
Unfortunately you can't use boolean operators in "-s / -d".
"-s (127.0.0.0/8 | 192.168.0.0/16)" would be cool.
Is there a way of doing this?
That's why I use "-j rule" at the moment. I want to change
ACCEPT to my_rule someday if I have time to.
# count access from localhost
ipchains -A input -s 127.0.0.0/8 -i lo -j ACCEPT
# count access from gurkensalat (localhost)
ipchains -A input -s gurkensalat -j ACCEPT
# count access from internal network
ipchains -A input -s 18.104.22.168/24 -j ACCEPT
# count access from rest (internet)
ipchains -A input -j ACCEPT