i'm sure i saw somewhere a reference to using iptables rules just for counting packets. how did that work? if i recall correctly, it had to do with the fact that the target part of a rule was optional, and i could forward the packets i wanted to count through a chain or rule that did, essentially, nothing, but i could use "iptables -L" later to get statistics. pointer, anyone? i'm pretty sure this required a user-defined chain, but i forget the format.

rday
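The setup the question describes, as an added example that is not part of the original post: a user-defined chain whose rules have no `-j` target, so they only increment counters, plus a reader for the counters. The chain name `ACCT`, the matched ports and the sample listing are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example. Chain name ACCT and the ports are hypothetical.

# Needs root; only run when the script is called with "setup".
setup_acct() {
    iptables -N ACCT                     # user-defined accounting chain
    iptables -A ACCT -p tcp --dport 80   # no -j: the rule matches and counts, nothing else
    iptables -A ACCT -p tcp --dport 22
    iptables -I INPUT -j ACCT            # packets traverse ACCT, then return to INPUT
}

# Constructed sample of `iptables -L ACCT -v -n -x` output.
# -v adds the pkts/bytes columns, -x prints exact values, -n skips DNS lookups.
# The target column is empty because the rules have no target.
sample_output() {
cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1520   983040            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
      37     4212            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
EOF
}

# Print "<last match field> <pkts> <bytes>" for each rule line on stdin.
# pkts and bytes are always the first two fields, with or without a target.
acct_counters() {
    awk 'NR > 2 && $1 ~ /^[0-9]+$/ { print $NF, $1, $2 }'
}

# Sum the byte counters of all rules on stdin.
acct_total_bytes() {
    awk 'NR > 2 && $1 ~ /^[0-9]+$/ { sum += $2 } END { print sum + 0 }'
}

case "${1:-}" in
    setup) setup_acct ;;
    live)  iptables -L ACCT -v -n -x | acct_counters ;;
    *)     sample_output | acct_counters ;;   # offline demo on the constructed sample
esac
```

`iptables -Z ACCT` resets the chain's counters when a new measurement interval starts.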