[fwAnalog] HOSTEXCLUDE does NOT work

From: Jorma Hytönen <jorma.hytonen~AT~sicom.fi>
Date: Sun Jul 01 2007 - 09:43:48 CEST


Hi,
Is this mailing list alive anymore?
Why does HOSTEXCLUDE not work?
Is this version of fwanalog compatible with analog 6.0?

I'm using:



Debian 4/Knoppix, with 2.6.19 kernel
analog Unix 6.0
fwanalog 0.6.9

fwanalog.analog.conf.local include lines:

# If you want to exclude blocked packets from some hosts (e.g. your private network)
HOSTEXCLUDE 172.16.8.*
HOSTEXCLUDE 192.168.0.*
REPORTORDER xiurSZo5746HhwDdWmQ1zvbfPscJpBKknNIEtlLRMjYy # Analog 5.x ????

Still I got reports like this:

Packet Source Host Report



Listing hosts with at least 0.5% of the blocked packets, sorted by the number of blocked packets.

#: #blocks: %blocks: kbytes: last time: host

--: -------: -------: ------: ------------------: ----
 1:    3539:  21.08%: 557.19: Jun/28/07 11:57 PM: 172.16.8.3
 2:    3038:  18.09%: 260.30: Jun/28/07 11:58 PM: 172.16.8.13
 3:    1553:   9.25%: 209.25: Jun/28/07 11:59 PM: 172.16.8.6
 4:    1537:   9.15%: 265.51: Jun/28/07 11:54 PM: 172.16.8.12
 5:    1300:   7.74%: 219.96: Jun/28/07 10:44 PM: 172.16.8.246
 6:    1086:   6.47%: 128.63: Jun/28/07 11:52 PM: 172.16.8.7
 7:    1038:   6.18%: 131.84: Jun/28/07  8:30 PM: 172.16.8.227
 8:     884:   5.27%: 106.82: Jun/28/07 11:57 PM: 172.16.8.230
 9:     596:   3.55%:  82.70: Jun/28/07 11:57 PM: 172.16.8.2
10:     427:   2.54%:  64.60: Jun/28/07 10:53 PM: 172.16.8.10
11:     375:   2.23%:  49.75: Jun/28/07 11:58 PM: 172.16.8.9
12:     354:   2.11%:  46.64: Jun/28/07 11:53 PM: 172.16.8.8
13:     326:   1.94%:  40.37: Jun/28/07  8:25 PM: 172.16.8.222
14:     240:   1.43%:  57.07: Jun/28/07 11:58 PM: datatuki.fi
15:     167:   0.99%:  19.34: Jun/28/07  8:48 PM: 172.16.8.18
16:     114:   0.68%:  14.97: Jun/28/07  4:35 PM: 172.16.8.11
  :     216:   1.29%:  50.53: Jun/28/07 11:49 PM: [not listed: 71 hosts]
------------------------------

Now, I don't know which 71 hosts are missing.

Organization Report



Listing organizations with at least 0.5% of the blocked packets, sorted by  the number of blocked packets.

#: #blocks: %blocks: Mbytes: last time: organization

--: -------: -------: ------: ------------------: ------------
 1:   16421:  97.80%:   2.16: Jun/28/07 11:59 PM: 172.16
 2:     240:   1.43%:   0.06: Jun/28/07 11:58 PM: datatuki.fi
  :     129:   0.77%:   0.04: Jun/28/07 11:49 PM: [not listed: 64 organizations]

172.16.* is my ISP's network and datatuki.fi is my own domain. And now, I don't know which 64 orgs are in the list.

Regards -- Jorma Hytonen

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Jorma Hytönen
Nuottakatu 4 A8
50190 MIKKELI
GSM 041 777 4403
Email: jorma.hytonen@sicom.fi
Web: http://datatuki.sicom.fi
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The hardest part of solving a problem is often formulating the right question. The answer is out there, somewhere.
-- By Espen Andersen

Received on Sun Jul 01 09:43:38 2007

This archive was generated by hypermail 2.1.8 : Sun Jul 01 2007 - 10:22:08 CEST