Re: How to troubleshoot (suspected) flowtable lockups/packet drops?

On Wed, Mar 17, 2021 at 06:01:43PM -0400, Martin Gignac wrote:
> If I just run:
> 
>     nft list ruleset > rules.txt
> 
> add:
> 
>     flush ruleset
> 
> to the top of the file, add the:
> 
>     counter
> 
> statement to the flowtable section, and then:
> 
>     nft -f rules.txt
> 
> This should atomically add the "counter", but not impact traffic in
> any way, shape or form, correct?

It turns on packets and bytes counters:

    # conntrack -L
    tcp      6 src=10.141.10.2 dst=192.168.10.2 sport=57758 dport=5201 packets=1998758 bytes=87532896157 src=192.168.10.2 dst=192.168.10.1 sport=5201 dport=57758 packets=1966493 bytes=102257896 [OFFLOAD] mark=0 use=2

You also have to enable counters in conntrack:

    echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct
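
An added example, not part of the original mail: once the counters above are enabled, two saved `conntrack -L` snapshots can be compared to find `[OFFLOAD]` flows whose original-direction packet counter did not advance. The function names, the `stalled`/`noacct` labels and every sample line except the first "before" entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail). A "stalled" flow may simply be
# idle; treat it as a lead to inspect, not proof of a flowtable lockup.
# "noacct" means the entry carries no counters (nf_conntrack_acct was off).
# Usage: stalled_offload_flows BEFORE_FILE AFTER_FILE
stalled_offload_flows() {
    awk '
    function parse(   i, n) {          # sets globals key and pk
        key = $1; pk = "noacct"; n = 0
        for (i = 3; i <= NF; i++) {
            if (n < 4 && $i ~ /^(src|dst|sport|dport)=/) { key = key " " $i; n++ }
            else if ($i ~ /^packets=/) { pk = substr($i, 9); break }
        }
    }
    !/\[OFFLOAD\]/ { next }            # only flows handled by the flowtable
    { parse() }
    pass == 1 { seen[key] = pk; next } # first snapshot: remember the counter
    !(key in seen) { next }            # new flow, nothing to compare against
    pk == "noacct" || seen[key] == "noacct" { print "noacct " key; next }
    pk + 0 <= seen[key] + 0 { print "stalled " key }
    ' pass=1 "$1" pass=2 "$2"
}

# Constructed snapshots: one advancing flow, one stalled flow, one offloaded
# flow without counters, and one non-offloaded flow that must be ignored.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/before" <<'EOF'
tcp      6 src=10.141.10.2 dst=192.168.10.2 sport=57758 dport=5201 packets=1998758 bytes=87532896157 src=192.168.10.2 dst=192.168.10.1 sport=5201 dport=57758 packets=1966493 bytes=102257896 [OFFLOAD] mark=0 use=2
tcp      6 src=10.141.10.3 dst=192.168.10.2 sport=40000 dport=443 packets=500 bytes=40000 src=192.168.10.2 dst=192.168.10.1 sport=443 dport=40000 packets=480 bytes=30000 [OFFLOAD] mark=0 use=2
udp      17 src=10.141.10.4 dst=192.168.10.2 sport=5353 dport=53 src=192.168.10.2 dst=192.168.10.1 sport=53 dport=5353 [OFFLOAD] mark=0 use=2
tcp      6 431999 ESTABLISHED src=10.141.10.5 dst=192.168.10.2 sport=41000 dport=22 packets=10 bytes=800 src=192.168.10.2 dst=192.168.10.1 sport=22 dport=41000 packets=9 bytes=700 [ASSURED] mark=0 use=1
EOF
    cat > "$d/after" <<'EOF'
tcp      6 src=10.141.10.2 dst=192.168.10.2 sport=57758 dport=5201 packets=2100000 bytes=91000000000 src=192.168.10.2 dst=192.168.10.1 sport=5201 dport=57758 packets=2050000 bytes=106000000 [OFFLOAD] mark=0 use=2
tcp      6 src=10.141.10.3 dst=192.168.10.2 sport=40000 dport=443 packets=500 bytes=40000 src=192.168.10.2 dst=192.168.10.1 sport=443 dport=40000 packets=480 bytes=30000 [OFFLOAD] mark=0 use=2
udp      17 src=10.141.10.4 dst=192.168.10.2 sport=5353 dport=53 src=192.168.10.2 dst=192.168.10.1 sport=53 dport=5353 [OFFLOAD] mark=0 use=2
EOF
    stalled_offload_flows "$d/before" "$d/after"
    rm -rf "$d"
}

demo
```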
