On Wednesday 2011-12-14 12:00, pablo@xxxxxxxxxxxxx wrote:
>Then, you can use one of these accounting objects in several iptables
>rules using the new NFACCT target (which comes in a follow-up patch):
>
> # iptables -I INPUT -p tcp --sport 80 -j NFACCT --nfacct-name http-traffic
> # iptables -I OUTPUT -p tcp --dport 80 -j NFACCT --nfacct-name http-traffic
>
>The idea is simple: if one packet matches the rule, the NFACCT target
>updates the counters.

This smells a lot like -m quota2 --grow, except that yours uses netlink
instead of procfs and can only update the counters. I suggest turning
-j NFACCT into -m nfacct instead, so that we can add counting-down mode
and matching capabilities, so as to replace xt_quota*.