Re: nat & ip accounting

Oops, a little error in my last posting. Do NOT use the RETURN target on
the default chain.

The RETURN target (obviously) returns the packets to the chain that sent
them there. If used in the main chain, it is the same as falling back to
the default behaviour of the chain and will hopefully be denied.
Therefore, a direction to a chain must be done.

        iptables -N count_in
        iptables -A count_in -j RETURN

        iptables -N count_out
        iptables -A count_out -j RETURN

        iptables -A FORWARD -s 192.168.0.4 -j count_in
        iptables -A FORWARD -d 192.168.0.4 -j count_out

will do the trick.

Bjørn
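
Reading back what the count_in and count_out rules above accumulate, as an added example that is not part of the original post: the helper names `sample_listing` and `chain_bytes` are hypothetical, and the listing is a constructed sample in the layout that `iptables -L FORWARD -v -n -x` prints.

```shell
#!/bin/sh
# Constructed sample of `iptables -L FORWARD -v -n -x` output (counter values
# are made up; the two rules are the FORWARD jumps from the post).
sample_listing() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    98304 count_in   all  --  *      *       192.168.0.4          0.0.0.0/0
     200   204800 count_out  all  --  *      *       0.0.0.0/0            192.168.0.4
EOF
}

# chain_bytes TARGET
# Reads a verbose iptables listing on stdin and prints the summed byte counter
# of every rule whose target column is TARGET. Exits non-zero when no such rule
# is present, so a flushed or missing accounting rule is not reported as "0".
chain_bytes() {
    awk -v target="$1" '
        $1 == "Chain" || $1 == "pkts" { next }      # skip the two header lines
        $3 == target { sum += $2; seen = 1 }        # column 2 = bytes, 3 = target
        END {
            if (!seen) exit 1
            printf "%.0f\n", sum                     # %.0f avoids 32-bit %d limits
        }
    '
}

# Demo on the constructed sample. On a live router the input would be:
#   iptables -L FORWARD -v -n -x | chain_bytes count_in
for chain in count_in count_out; do
    if bytes=$(sample_listing | chain_bytes "$chain"); then
        echo "$chain: $bytes bytes"
    else
        echo "$chain: accounting rule missing" >&2
    fi
done
```

The counters being read sit on the FORWARD rules that jump to the accounting chains, so the byte totals are per jump rule, and the same packets also show up on the lone RETURN rule inside each chain.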



