Re: /sbin/iptables -vnxL OUTPUT

Hi,
> > I have got an iptables firewall running and I want to monitor my traffic,
> > therefore I played around with the following command:
> > /sbin/iptables -vnxL OUTPUT | grep "Chain OUTPUT"
> > It worked fine, although after a while it kept getting the result:
> > Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
> > I reloaded the filter rules, still the same.
> 
> Please don't wrap outputs.
> 
> > Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>                     These-----^----------^
> are only the counters of your default policy.  Your traffic is...
> 
> >     pkts      bytes target     prot opt in     out     source               destination
> >        9     2051 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
> >        0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
> >        2      132 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 3
> >        0        0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3
> >     9535  2685876 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
>      ,^^^^--^^^^^^^
> ... here.
> >        0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SuSE-FW-OUTPUT-ERROR '
> > 
> > [snip stuff]
> > 
> > How come it won't count up the accepted packets and bytes?
> 
> It would, but as you -j ACCEPT everything before the default policy it
> can't.

I call this default policy at the beginning of my script (actually
SuSEFirewall's script):

# flush the built-in filter chains and set their default policies
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD             2> /dev/null
$IPTABLES -P INPUT "$DROP"
$IPTABLES -P OUTPUT "$ACCEPT"
$IPTABLES -P FORWARD "$ACCEPT"     2> /dev/null
# then flush and delete every remaining chain in the filter, nat and mangle tables
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X

So why am I "-j ACCEPT" accepting it before that?

Thanks, Mario

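Added example (not from the thread, not SuSEFirewall code): the counter arithmetic the reply describes, run over the quoted chain listing embedded as a constructed sample in place of a live /sbin/iptables -vnxL OUTPUT. The "policy ACCEPT 0 packets, 0 bytes" figures only count packets that fell through to the chain policy; the traffic the question is about sits on the rows of the "-j ACCEPT" rules that matched it first.

```shell
#!/bin/sh
# Added example: separates the chain-policy counters from the per-rule
# counters of an OUTPUT chain listing (iptables -vnxL format).

# Constructed sample standing in for: /sbin/iptables -vnxL OUTPUT
# (figures copied from the listing quoted in the thread).
sample_output() {
cat <<'EOF'
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       9     2051 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
       2      132 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 3
       0        0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3
    9535  2685876 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 4 prefix `SuSE-FW-OUTPUT-ERROR '
EOF
}

# Policy counters from the "Chain ..." header line; prints "<pkts> <bytes>".
# These count only packets that matched no rule and hit the default policy.
policy_counters() {
    awk '/^Chain / { gsub(/[(),]/, " ")
                     for (i = 1; i <= NF; i++) if ($i == "policy") print $(i+2), $(i+4) }'
}

# Sum pkts/bytes of every rule row whose target is $1; prints "<pkts> <bytes>".
# Rule rows are the lines whose first field is a bare number.
sum_target() {
    awk -v t="$1" '$1 ~ /^[0-9]+$/ && $3 == t { p += $1; b += $2 }
                   END { printf "%d %d\n", p, b }'
}

# Print both views of the chain side by side for the sample.
report() {
    set -- $(sample_output | policy_counters)
    echo "policy ACCEPT counters : $1 pkts $2 bytes  (fell through to the policy)"
    for tgt in ACCEPT DROP LOG; do
        set -- $(sample_output | sum_target "$tgt")
        echo "rules with target $tgt : $1 pkts $2 bytes"
    done
}

report
```

Replace sample_output with the real iptables call to monitor a live chain; the ACCEPT row sum is the figure grep on the Chain header line never shows.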