The best way to get accurate interface stats IMHO:

    iptables -t mangle -A PREROUTING -i ${IF_WHATEVER}
    iptables -t mangle -A POSTROUTING -o ${IF_WHATEVER}

They get executed and get executed before anything else (I am assuming you don't have the raw table). They don't have a jump rule so you can still place mangle rules in pre/post without having a jump before getting to them.

Null jumps are giving me "iptables: Too many levels of symbolic links" for some reason, so I just used IPV4OPTSSTRIP instead. I should really be using no jump, but I never got around to investigating.

    # iptables -t mangle -nvxL
    Chain PREROUTING (policy ACCEPT 3766257820 packets, 3341214673464 bytes)
        pkts      bytes target         prot opt in     out     source       destination
           0          0 IPV4OPTSSTRIP  all  --  eth0   *       0.0.0.0/0    0.0.0.0/0
      714986  677460576 IPV4OPTSSTRIP  all  --  eth1   *       0.0.0.0/0    0.0.0.0/0
      784926  141884330 IPV4OPTSSTRIP  all  --  eth2   *       0.0.0.0/0    0.0.0.0/0
        6536    1035116 IPV4OPTSSTRIP  all  --  eth3   *       0.0.0.0/0    0.0.0.0/0
      662036  177634497 IPV4OPTSSTRIP  all  --  eth4   *       0.0.0.0/0    0.0.0.0/0
       87013   21842334 IPV4OPTSSTRIP  all  --  eth5   *       0.0.0.0/0    0.0.0.0/0
        6633     529006 IPV4OPTSSTRIP  all  --  eth6   *       0.0.0.0/0    0.0.0.0/0
           0          0 IPV4OPTSSTRIP  all  --  eth7   *       0.0.0.0/0    0.0.0.0/0
           0          0 IPV4OPTSSTRIP  all  --  eth8   *       0.0.0.0/0    0.0.0.0/0
         262      26042 IPV4OPTSSTRIP  all  --  lo     *       0.0.0.0/0    0.0.0.0/0
    <snip...>
    Chain POSTROUTING (policy ACCEPT 3694111642 packets, 3354474129645 bytes)
        pkts      bytes target         prot opt in     out     source       destination
           0          0 IPV4OPTSSTRIP  all  --  *      eth0    0.0.0.0/0    0.0.0.0/0
      595104   72600985 IPV4OPTSSTRIP  all  --  *      eth1    0.0.0.0/0    0.0.0.0/0
      867817  486577519 IPV4OPTSSTRIP  all  --  *      eth2    0.0.0.0/0    0.0.0.0/0
        7101    1269216 IPV4OPTSSTRIP  all  --  *      eth3    0.0.0.0/0    0.0.0.0/0
      770445  450764605 IPV4OPTSSTRIP  all  --  *      eth4    0.0.0.0/0    0.0.0.0/0
        7304    5864346 IPV4OPTSSTRIP  all  --  *      eth5    0.0.0.0/0    0.0.0.0/0
       10036     781826 IPV4OPTSSTRIP  all  --  *      eth6    0.0.0.0/0    0.0.0.0/0
           0          0 IPV4OPTSSTRIP  all  --  *      eth7    0.0.0.0/0    0.0.0.0/0
           0          0 IPV4OPTSSTRIP  all  --  *      eth7    0.0.0.0/0    0.0.0.0/0
         262      26042 IPV4OPTSSTRIP  all  --  *      lo      0.0.0.0/0    0.0.0.0/0
    <snip...>

Then to scrape them, you would:

    # Inbound interface ${ifname} (PREROUTING rows: in=${ifname}, out=*)
    /sbin/iptables -nxvL -t mangle | grep "${ifname}\ *\*" | awk '{ print $2 }'

    # Outbound interface ${ifname} (POSTROUTING rows: in=*, out=${ifname})
    /sbin/iptables -nxvL -t mangle | grep "\*\ *${ifname}" | awk '{ print $2 }'

If you have a lot more fine-grained rules, I would use regex throughout the entire thing. It might be tricky, so try spicing up the input, like "-m mark ! --mark 0x10000" and search on !0x10000 since I doubt it would be used elsewhere.

Just remember though, if you have a large enough ruleset, this can eventually impact your bandwidth utilization if the bandwidth kills your CPU trying to match these rules :-)

> How come it won't count up the Accepted packages and Bytes?
> If you need any more info, please tell me!
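
An added example, not part of the original post: a chain-aware awk scraper for the `iptables -t mangle -nvxL` listing that compares the interface name exactly (so eth1 does not pick up eth10) and copes with targetless rules, whose rows have one column fewer. The function names and the sample listing are constructed for illustration, and it assumes the accounting rule is the first rule for that interface in each chain.

```shell
#!/bin/sh
# Constructed sample of `iptables -t mangle -nvxL` output (not from the post).
# Rules added without a target show an empty "target" column.
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 1000 packets, 900000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    45000            all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
       7      800            all  --  eth10  *       0.0.0.0/0            0.0.0.0/0
      30     2000 IPV4OPTSSTRIP  all  --  eth2   *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 950 packets, 880000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      90    61000            all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
       5      300            all  --  *      eth10   0.0.0.0/0            0.0.0.0/0
      40     5000 IPV4OPTSSTRIP  all  --  *      eth2    0.0.0.0/0            0.0.0.0/0
EOF
}

# if_counters IFACE
# Reads a listing on stdin, prints "IFACE in_pkts in_bytes out_pkts out_bytes".
# Assumption: the opt column is "--" (the rule has no -f fragment match).
if_counters() {
    awk -v ifname="$1" '
        $1 == "Chain"      { chain = $2; next }
        $1 !~ /^[0-9]+$/   { next }    # skip column headers and blank lines
        {
            # With no target the row has one field fewer, so locate in/out
            # relative to the opt column instead of by fixed position.
            if ($4 == "--")      { i = $5; o = $6 }
            else if ($5 == "--") { i = $6; o = $7 }
            else next
            # Exact comparison: "eth1" must not match "eth10".
            if (chain == "PREROUTING" && i == ifname && o == "*" && !si) {
                ip = $1; ib = $2; si = 1
            }
            if (chain == "POSTROUTING" && i == "*" && o == ifname && !so) {
                op = $1; ob = $2; so = 1
            }
        }
        # %.0f keeps large counters exact; some awks clamp %d to 32 bits.
        END { printf "%s %.0f %.0f %.0f %.0f\n", ifname, ip, ib, op, ob }
    '
}

sample_listing | if_counters eth1
```

On a live system the input would be `/sbin/iptables -t mangle -nvxL | if_counters eth1`, run as root.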