Noèl Köthe wrote:

> On Sunday, 24.04.2005, at 21:39 +0200, Casper Gielen wrote:
>
> > The default rules.conf is inconsistent:
> >
> > The comments say
> > # ipac~i - outgoing from machine with ipac-ng to
> >
> > so the rule
> >
> > total in all |ipac~i||all||
> >
> > counts total _outgoing_ traffic.
> > This mistake is caused by the very confusing use
> > of "incoming" and "outgoing". Those terms should be seen from the
> > viewpoint of "the network" and not from the machine.
>
> It's your opinion. Others want to see it the other way.

What "ipac~i" means may be subject to opinion (though I also think
it's very confusing). But regardless, the default rules.conf is
inconsistent. Consider this case:

# Format:
# Name of rule|direction|interface|protocol|source|destination
# ipac~i - outgoing from machine with ipac-ng to other host(/net)
# (or incoming to otherhost)
#
# connections from this machine to ...
#
# http (port 80)
tonet in http|ipac~i|+|tcp|0/0 80|0/0

So "tonet in http" is "ipac~i" which means outgoing from the
machine. And it's source port 80. So it's connections going from
this machine's port 80 to somewhere, which usually means replies to
HTTP requests (which makes up the bulk of the traffic on typical web
servers, as confirmed by the actual numbers of our server).

But the comment says "connections from this machine to ...", which
is wrong, as it's actually replies to connections *to* this machine.

And the label "tonet in http" is also wrong (or at least, very
confusing). AFAICS, it should be "tomachine out http".

Frank

--
Frank Heckenbach, [EMAIL PROTECTED]
http://fjf.gnu.de/
GnuPG and PGP keys: http://fjf.gnu.de/plan (7977168E)
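
The reading of the rule argued in the message above, worked through in code. This is an added example, not part of the original post and not ipac-ng code. The names `parse_rule`, `port_of` and `classify` are hypothetical; it assumes the six-field format quoted above, covers only `ipac~i` as the quoted comment defines it, and handles single numeric ports only.

```python
from dataclasses import dataclass

FIELDS = ("name", "direction", "interface", "protocol", "source", "destination")

@dataclass
class Rule:
    name: str
    direction: str
    interface: str
    protocol: str
    source: str
    destination: str

def parse_rule(line):
    """Split one rules.conf line into the six fields named in its header comment."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    return Rule(*parts)

def port_of(endpoint):
    """'0/0 80' -> 80; '0/0' or '' -> None. Assumption: single numeric ports only."""
    tokens = endpoint.split()
    if len(tokens) > 1 and tokens[1].isdigit():
        return int(tokens[1])
    return None

def classify(rule):
    """Say what an ipac~i rule counts, taking ipac~i as 'outgoing from machine'."""
    if rule.direction != "ipac~i":
        return ("not-covered", None)  # other directions are not defined on the page
    sport, dport = port_of(rule.source), port_of(rule.destination)
    if sport is not None and dport is None:
        return ("local-service-replies", sport)   # packets leaving from a local port
    if dport is not None and sport is None:
        return ("outbound-connections", dport)    # packets heading to a remote port
    if sport is None and dport is None:
        return ("all-outgoing", None)
    return ("both-ports-fixed", sport)

if __name__ == "__main__":
    samples = [
        "total in all |ipac~i||all||",                  # from the quoted report
        "tonet in http|ipac~i|+|tcp|0/0 80|0/0",        # from the default rules.conf
        "constructed example|ipac~i|+|tcp|0/0|0/0 80",  # constructed for contrast
    ]
    for line in samples:
        print(f"{line!r:50} -> {classify(parse_rule(line))}")
```

The default http rule comes out as replies sent from local port 80, which is what the byte counts on a web server reflect; only the constructed third line, with the port on the destination side, matches the comment "connections from this machine to ...".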