![]() ![]() You might also be interested in the command line arguments that I used: The INPUT chain is for packets to the Linux box itself, OUTPUT chain is for packets leaving the Linux box (generated by programs running on the Linux box) and FORWARD is for packets passing through the box. Notice also three so called "chains" - INPUT, FORWARD and OUTPUT. The 'bytes' stands for total number of bytes matched by the rule. Notice the pkts and bytes columns? The 'pkts' stands for packets and displays the total number of packets matched by the rule. Let's get familiar with the output that we'll be interested in when we have some rules. Right after booting, there are no rules added and no traffic has passed through. ![]() Pkts bytes target prot opt in out source destinationĬhain FORWARD (policy ACCEPT 0 packets, 0 bytes)Ĭhain OUTPUT (policy ACCEPT 0 packets, 0 bytes) Here is a detailed explanation of how I did it exactly.įirst, let's see what iptables shows us when we have just booted up.Ĭhain INPUT (policy ACCEPT 0 packets, 0 bytes) I created a script that creates an empty rule that always accepts traffic and passes it through the firewall for each user's IP address and another script that extracts the packet and byte count. I thought, why not use this for accounting? So I did. The gateway is a Linux box.Īt that time, I had already mastered iptables and I had noticed that when listing the existing rules, iptables would display the packet count and the total byte count for each rule. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |