[flow-tools] Local Traffic filter...
Michael Bellears
michael.bellears@staff.datafx.com.au
Thu, 16 May 2002 16:17:05 +1000
This is what I'm attempting to do:
client.acl:
ip access-list standard foo permit host xxx.xxx.xxx.xxx
ip access-list standard foo deny any
Which is fine for giving me inbound/outbound traffic:
./flow-cat -a /netflow/oar/krc3.v5/2002/2002-04/ | ./flow-filter -f client.acl -D foo | ./flow-stat -f17 | more
# interface flows octets packets
#
5 28175 3299889830 5208599
Now, if I have the following:
local.acl:
ip access-list standard bar deny host yyy.yyy.yyy.yyy
ip access-list standard bar deny any
What I would like to be able to do:
./flow-cat -a /netflow/oar/krc3.v5/2002/2002-04/ | ./flow-filter -f client.acl -D foo | ./flow-filter -f local.acl -S bar | ./flow-stat -f17 | more
Basically - on the fly, filter all destination addresses with client.acl (so
only xxx.xxx.xxx.xxx is allowed) & also filter all source addresses with
local.acl (so that yyy.yyy.yyy.yyy is denied) - i.e. remove any traffic with
a destination IP of xxx.xxx.xxx.xxx and a source IP of yyy.yyy.yyy.yyy and
give me a total. (I'd love to be able to do this at a subnet level also: i.e.
remove any traffic with a destination range of xxx.xxx.xxx.xxx/29 and a
source IP of yyy.yyy.yyy.yyy/24.)
This doesn't work.
Is it possible to be able to filter destination+source address based on ACL?
Or am I going about this the wrong way?
Thanks in advance for any suggestions.
Regards,
MB
> -----Original Message-----
> From: Michael Bellears [mailto:michael.bellears@staff.datafx.com.au]
> Sent: Wednesday, 16 January 2002 8:20 AM
> To: 'flow-tools@splintered.net'
> Subject: [flow-tools] Local Traffic filter...
>
> We have a client who has requested that he not be billed for 'local' traffic
> - We have multiple class C's and filtering them all seems an administrative
> nightmare..
>
> Just interested to know how others have solved this (Using flow-tools) ?
>
> Regards,
> Michael
>
>
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools
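
Added example (not part of the original message and not flow-tools code): a Python model of the two-stage destination/source filter described above, extended from single hosts to subnets via wildcard masks. It assumes flow-filter evaluates standard ACLs Cisco-style (first match wins, implicit deny at the end); the addresses, the flows and the list name bar2 are constructed for illustration.

```python
import ipaddress

def parse_acl(text):
    """Parse 'ip access-list standard NAME permit|deny host A | any | A WILDCARD'."""
    acls = {}
    for line in text.strip().splitlines():
        tok = line.split()
        name, action, spec = tok[3], tok[4], tok[5:]
        if spec[0] == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif spec[0] == "host":
            net = ipaddress.ip_network(spec[1] + "/32")
        else:
            # Address plus contiguous wildcard mask, e.g. 0.0.0.7 is a /29.
            net = ipaddress.ip_network(f"{spec[0]}/{spec[1]}")
        acls.setdefault(name, []).append((action == "permit", net))
    return acls

def permits(acl, addr):
    """First matching entry decides; no match falls through to an implicit deny."""
    ip = ipaddress.ip_address(addr)
    for allow, net in acl:
        if ip in net:
            return allow
    return False

def billable_octets(flows, dst_acl, src_acl):
    """Model of 'flow-filter -D dst | flow-filter -S src': a flow must pass both."""
    return sum(o for s, d, o in flows if permits(dst_acl, d) and permits(src_acl, s))

# Constructed ACLs: 203.0.113.8/29 stands in for the client range,
# 198.51.100.0/24 for the local range. bar2 is a hypothetical variant of bar.
ACLS = parse_acl("""
ip access-list standard foo permit 203.0.113.8 0.0.0.7
ip access-list standard foo deny any
ip access-list standard bar deny 198.51.100.0 0.0.0.255
ip access-list standard bar deny any
ip access-list standard bar2 deny 198.51.100.0 0.0.0.255
ip access-list standard bar2 permit any
""")

# Constructed flows: (source, destination, octets)
FLOWS = [
    ("198.51.100.20", "203.0.113.9", 1000),  # local -> client: excluded
    ("192.0.2.77", "203.0.113.10", 5000),    # remote -> client: counted
    ("192.0.2.77", "203.0.113.200", 700),    # destination outside the /29
]

if __name__ == "__main__":
    print("bar :", billable_octets(FLOWS, ACLS["foo"], ACLS["bar"]))
    print("bar2:", billable_octets(FLOWS, ACLS["foo"], ACLS["bar2"]))
```

Under these assumptions a list whose entries are all deny passes no flows, so the second stage totals zero; ending the source list with permit any leaves only the non-local traffic to the client range.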