> 31997506400-31997506128=272
> You are under the quota!

Thank you for your reply. By discrepancy I mean iptables -L -v showing 32GB and iptables-save showing the correct point where it stopped, at the quota. That's a 2.2GB difference.

>
> On 2012-03-09 01:19, James Anderson wrote:
>>
>> Hello everyone.
>>
>> I have been trying to get iptables to stop traffic to the internet
>> after I have exceeded 29.8 GB and just allow traffic to the local
>> subnet after that. I did the conversion on google and apparently
>> 29.8GB is 31997506400 bytes. However tonight when I got home and did
>> iptables -L -v, I saw this:
>>
>> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>> pkts bytes target prot opt in out source destination
>> 28M 32G ACCEPT all -- any any anywhere !192.168.2.0/24 quota: 31997506400 bytes
>> 2459K 3621M ACCEPT all -- any any anywhere 192.168.2.0/24
>> 5770 1151K REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
>>
>> At first I thought the quota didn't work, but then I did iptables-save -c
>>
>> *filter
>> :INPUT ACCEPT [23078834:14787771556]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [0:0]
>> [28216466:31997506128] -A OUTPUT ! -d 192.168.2.0/24 -m quota --quota 31997506400 -j ACCEPT
>> [2475569:3622559686] -A OUTPUT -d 192.168.2.0/24 -j ACCEPT
>> [24154:2350411] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
>> COMMIT
>>
>> which shows that it stopped at 29.7999998 GB.
>> Could someone perhaps explain the discrepancy?
>> Does iptables keep counting bytes even after the quota is full?
>>
>> many thanks in advance,
>>
>> James
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
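
An added example, not part of the original thread: the sketch below parses the iptables-save -c dump quoted above and shortens each exact counter with thousand-based rounding, which yields the 28M and 32G that the -L -v listing shows for the quota rule. The function names are hypothetical, and abbreviate() is a Python model of the listing's rounding checked against the numbers in this thread, not iptables' own code.

```python
import re

# iptables-save -c output copied from the thread above (wrapped line rejoined).
DUMP = """\
*filter
:INPUT ACCEPT [23078834:14787771556]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[28216466:31997506128] -A OUTPUT ! -d 192.168.2.0/24 -m quota --quota 31997506400 -j ACCEPT
[2475569:3622559686] -A OUTPUT -d 192.168.2.0/24 -j ACCEPT
[24154:2350411] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

RULE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")
QUOTA = re.compile(r"--quota\s+(\d+)")


def abbreviate(n):
    """Model (assumption) of the -L -v shortening: K/M/G/T in steps of 1000."""
    if n <= 99999:
        return str(n)
    for suffix in "KMG":
        n = (n + 500) // 1000
        if n <= 9999:
            return f"{n}{suffix}"
    return f"{(n + 500) // 1000}T"


def parse_rules(dump):
    """Return one dict per rule line with exact counters and any quota."""
    rules = []
    for line in dump.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # table name, chain policies, COMMIT
        pkts, nbytes = int(m.group(1)), int(m.group(2))
        q = QUOTA.search(m.group(4))
        quota = int(q.group(1)) if q else None
        rules.append({
            "chain": m.group(3), "pkts": pkts, "bytes": nbytes, "quota": quota,
            # same subtraction as in the reply: quota minus the rule's byte counter
            "quota_left": quota - nbytes if quota is not None else None,
        })
    return rules


if __name__ == "__main__":
    for r in parse_rules(DUMP):
        print(r["chain"], abbreviate(r["pkts"]), abbreviate(r["bytes"]),
              "exact:", r["bytes"], "quota left:", r["quota_left"])
```

Running iptables -L -v -x prints the exact counters in the listing instead of the abbreviated ones.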