On Wed, Mar 16, 2005 at 10:16:32AM -0600, M. A. Imam wrote:
> Sure, I would like to try that... Also if you can tell me how accurate it can
> be, I will be grateful. By accurate I mean like if I will be able to get the
> count for each second also...

I'm not sure it's _that_ accurate, but here it is:

(Unscripted, you need a USAGE table which everything from FORWARD that you're
interested in gets passed through.)

This script is used to create the tables.

#! /usr/bin/perl
# Print the commands that create one USAGE_<n> chain per address in
# 203.194.23.33-254 and send that address's traffic from USAGE into it.
for my $i (33..254) {
    print "/sbin/iptables -N USAGE_$i\n";
    print "/sbin/iptables -A USAGE -d 203.194.23.$i -j USAGE_$i\n";
}

This snippet is part of my RADIUS dial-in script, and adds a link from the
USAGE_nnn table to a table named for the user who is on that IP:
($1 is the IP address, $ACCOUNT_NAME is the account name)

if [ $# -eq 1 -a "x$ACCOUNT_NAME" != "x" -a "x$POOL_NAME" != "x\"expired_pool\"" ]; then
    # Third and fourth octets of the assigned address.
    CLASS=`echo "$1" | /usr/bin/cut -d. -f 4`
    SUBNET=`echo "$1" | /usr/bin/cut -d. -f 3`
    if [ "$SUBNET" = "23" ]; then
        TABLE_NAME=`echo $ACCOUNT_NAME`
        # Create the per-account chain on first use; -N fails if it already exists.
        sudo /sbin/iptables -N "USAGE_$TABLE_NAME" && sudo /sbin/iptables -A "USAGE_$TABLE_NAME" -j ACCEPT || true
        # Repoint this address's chain at the account that now holds the address.
        sudo /sbin/iptables -F "USAGE_$CLASS" && sudo /sbin/iptables -A "USAGE_$CLASS" -j "USAGE_$TABLE_NAME" || true
    fi
fi

This perl script is run every ten minutes to scrape the usage data.

#! /usr/bin/perl
use strict;

# List every chain with exact byte counters (-x) and zero them (-Z).
open IPTABLES, "/sbin/iptables -t filter -Z -L -v -x |"
    or die "cannot run iptables: $!";
my $table;
my $account;
while (<IPTABLES>) {
    # Remember which chain the following rule lines belong to.
    $table = $1 if m#^Chain (.*) \(.*\)#;
    # Only per-account chains, whose names carry literal quotes.
    next unless $table =~ /USAGE_\"(.*)\"/;
    $account = $1;
    # Second column of the ACCEPT rule is the byte count.
    next unless m#^\s+\d+\s+(\d+)\s+ACCEPT#;
    next if $1 == 0;
    print "$account: $1\n";
}
close IPTABLES;

I hope that helps?

-- 
Paul "TBBle" Hampson, on an alternate email client.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
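
Added example, not part of the original message or the author's scripts: the dial-in snippet places $ACCOUNT_NAME on a sudo iptables command line, so this shell function checks the name against an allowlist and the chain-name length limit before a chain name is built from it. The function name usage_chain_name, the allowed character set and the 28-character limit are assumptions, as is the quoted form of the account name (inferred from the "expired_pool" comparison and the scraper's USAGE_"..." pattern).

```shell
#!/bin/sh
# Added example: derive a safe per-account chain name before calling iptables.
# Assumption: account names arrive wrapped in literal double quotes, and the
# scraper relies on those quotes to tell account chains from USAGE_<n> chains.
# Assumption: iptables rejects chain names of 29 characters or more.
LC_ALL=C; export LC_ALL          # make A-Z / a-z ranges plain ASCII
MAX_CHAIN_LEN=28

# usage_chain_name ACCOUNT: print USAGE_"<name>" or return 1 if unsafe.
usage_chain_name() {
    name=$1
    # Strip exactly one pair of wrapping double quotes, if present.
    case $name in
        \"*\") name=${name#\"}; name=${name%\"} ;;
    esac
    # Reject empty names and any character outside the allowlist
    # (whitespace, shell metacharacters, stray quotes, leading option text).
    case $name in
        ''|*[!A-Za-z0-9_.@-]*) return 1 ;;
    esac
    chain="USAGE_\"$name\""
    # Refuse names iptables would reject instead of truncating them,
    # so two long account names can never collapse into one chain.
    [ "${#chain}" -le "$MAX_CHAIN_LEN" ] || return 1
    printf '%s\n' "$chain"
}

# Constructed sample inputs; prints the decision for each.
demo() {
    for sample in '"paul"' 'alice@example.net' '"bob -j ACCEPT"' \
                  '"x;reboot"' '""' '"averyveryverylongaccountname"'; do
        if chain=$(usage_chain_name "$sample"); then
            echo "ok     $sample -> $chain"
        else
            echo "reject $sample"
        fi
    done
}
demo

# In the dial-in script the result would be used quoted, for instance:
#   chain=$(usage_chain_name "$ACCOUNT_NAME") || exit 0
#   sudo /sbin/iptables -N "$chain"
```

Rejecting rather than rewriting a bad name keeps the accounting honest: a session with an unexpected account name is left uncounted instead of being billed to some other chain.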