On Wed, 2005-03-16 at 14:15 -0500, Bill Chappell wrote:
> I do not have time this instant to share the code, but the outline of
> a packet counter I use is to create chain MANGLE_ACTIVITY in -t mangle,
> add a rule that simply RETURNs to MANGLE_ACTIVITY, insert a jump to the
> MANGLE_ACTIVITY chain in -t mangle PREROUTING (so it is the first chain
> hit by all incoming packets), use whatever matches, like --sport or
> --dport (remember to specify the protocol with port matches) and/or an
> interface match. Then, in a script (mine happens to be Perl), run
> "iptables -t mangle -nvL MANGLE_ACTIVITY" and pipe (|) it through grep
> to get the RETURN line with the packet count, and pipe it through
> awk to pick off the packet count, followed by
> "iptables -t mangle -Z MANGLE_ACTIVITY" to zero the counter,
> both in a loop with a sleep to get the interval (approximately).
>
> Hope this helps.
>
> Bill
>
> (Without deadlines, we'd live forever.)

If you have a lot of rules whose counters you have to watch, it's better to write a little daemon that reads the counters using libiptc, because reading them with bash or Perl is too slow. We have a daemon that does this, called bastion-firewall-stats, in our bastion-firewall GPL firewall. Anyone interested can download the source from our web site:

http://www.bgsec.com/downloads.html

Regards.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC, Information Systems Security and Consulting
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
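The outline Bill gives above, written out as a POSIX shell script. This is an added example, not Bill's Perl script and not bgSEC's bastion-firewall-stats. The chain name MANGLE_ACTIVITY is his; the match on the jump (-p tcp --dport 80), the 5-second interval, the function names and the embedded sample listing are assumptions. It departs from his outline in two places a practitioner would want: the listing uses -x so that large counters are printed exactly instead of abbreviated as 12K or 3M (which awk would misread), and the list and zero are done in one iptables call (-L together with -Z, which the iptables man page documents as listing and zeroing atomically) so that packets arriving between a separate list and zero are not lost.

```shell
#!/bin/sh
# Added example (not Bill's or bgSEC's code): an interval packet counter
# following Bill's MANGLE_ACTIVITY outline. The match, the interval and the
# function names are assumptions, as is the sample listing at the bottom.

CHAIN=MANGLE_ACTIVITY
INTERVAL=${INTERVAL:-5}

# Build the counter chain: a single RETURN rule carries the counters, and a
# jump inserted at position 1 of mangle PREROUTING sends every incoming packet
# through it before any other rule. The match sits on the jump; the protocol
# must be given explicitly or iptables rejects --dport.
setup_counter() {
    iptables -t mangle -N "$CHAIN" 2>/dev/null || true   # already exists: fine
    iptables -t mangle -F "$CHAIN"
    iptables -t mangle -A "$CHAIN" -j RETURN
    # remove any earlier copy of the jump so a re-run does not count twice
    iptables -t mangle -D PREROUTING -p tcp --dport 80 -j "$CHAIN" 2>/dev/null || true
    iptables -t mangle -I PREROUTING 1 -p tcp --dport 80 -j "$CHAIN"
}

# Pick "pkts bytes" off the RETURN line of a listing read on stdin.
# The listing must come from "-nvx -L": without -x iptables abbreviates large
# counters (12K, 3M) and the numbers would be wrong here.
read_counters() {
    awk '$3 == "RETURN" { print $1, $2; exit }'
}

# Take one sample: "-L CHAIN -Z" lists and zeroes in one iptables invocation,
# so nothing slips in between a separate list and zero.
sample() {
    iptables -t mangle -nvx -L "$CHAIN" -Z | read_counters
}

# Packets per second over one interval, integer arithmetic (POSIX sh has no
# floating point). The interval is approximate, as Bill says: the sleep does
# not account for the time the iptables call itself takes.
pps() {  # usage: pps PKTS SECONDS
    echo $(( $1 / $2 ))
}

# Constructed listing (not captured from a real host) in the shape of
# "iptables -t mangle -nvx -L MANGLE_ACTIVITY" output, for running offline.
SAMPLE_LISTING='Chain MANGLE_ACTIVITY (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     420      33600 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

if [ "${1:-}" = "monitor" ]; then
    # real run: needs root and iptables; "sh counter.sh monitor"
    setup_counter
    while :; do
        set -- $(sample)            # $1=pkts $2=bytes from the RETURN rule
        printf '%s pkts %s bytes in %ss (~%s pkt/s)\n' \
            "$1" "$2" "$INTERVAL" "$(pps "$1" "$INTERVAL")"
        sleep "$INTERVAL"
    done
else
    # offline demonstration against the constructed listing
    set -- $(printf '%s\n' "$SAMPLE_LISTING" | read_counters)
    printf '%s pkts %s bytes (constructed listing, ~%s pkt/s over %ss)\n' \
        "$1" "$2" "$(pps "$1" "$INTERVAL")" "$INTERVAL"
fi
```

Run it with no arguments to see the parser work on the embedded listing, or as root with `monitor` to count live traffic. Because the match is on the jump rather than on the RETURN rule, the RETURN counters and the jump counters agree, so either line can be read; the script reads the RETURN line as Bill's outline does.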