Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx> wrote:
> my rules-file looks like this now (just for anybody wants to do similar):
>
> table ip filter {
> ...
>     chain FORWARD {
>         type filter hook forward priority 0; policy drop;
>         #...
>         ip saddr $ipvoipbox udp dport 5160 counter name voip1 comment "counting packets for SIP1"
>         ip daddr $ipvoipbox udp dport 5160 counter name voip1 comment "counting packets for SIP1"
>         ip saddr $ipvoipbox udp sport 5161 counter name voip2 comment "counting packets for SIP2"
>         ip daddr $ipvoipbox udp dport 5161 counter name voip2 comment "counting packets for SIP2"
>         #...
>     }

For two counters it makes no difference but note that you can combine
named counters with maps:

map voipcounters {
    type ipv4_addr . inet_service : counter
    elements = { 10.0.1.1 . 5160 : "voip1",
                 10.2.1.1 . 5161 : ...

and then count with one rule only:

counter name ip saddr . udp dport map @voipcounters

> one thing:
>
> # nft list counter filter voip2
> table ip mangle {
> }
> table ip nat {
> }
> table ip filter {
>     counter voip2 {
>         packets 124 bytes 7440
>     }
> }

Can't repro so looks like this is already fixed.

> tables mangle and nat should not be printed (still have them separately from converting iptables to nft)...in json-format it is right

Yes, they should not be printed.
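Added example, not part of the original mails: a complete rules file for the map-based counting suggested in the reply, with the named counters declared as objects so the map can reference them. The address 192.0.2.10, the second map keyed for the reply direction and the second lookup rule are assumptions made for illustration; the chain's accept rules are left out as in the original.

```nft
# Constructed sample address for the VoIP box (documentation range).
define ipvoipbox = 192.0.2.10

table ip filter {
    # Named counter objects; a map can only point at counters that exist.
    counter voip1 {
        packets 0 bytes 0
    }
    counter voip2 {
        packets 0 bytes 0
    }

    # Key: address . UDP destination port, value: name of a counter object.
    map voipcounters {
        type ipv4_addr . inet_service : counter
        elements = { $ipvoipbox . 5160 : "voip1",
                     $ipvoipbox . 5161 : "voip2" }
    }

    # Assumption: replies from the box leave with these source ports.
    map voipcounters_reply {
        type ipv4_addr . inet_service : counter
        elements = { $ipvoipbox . 5160 : "voip1",
                     $ipvoipbox . 5161 : "voip2" }
    }

    chain FORWARD {
        type filter hook forward priority 0; policy drop;
        #... (existing accept rules stay here)

        # Traffic to the box: one lookup replaces one rule per port.
        counter name ip daddr . udp dport map @voipcounters

        # Traffic from the box: same counters, keyed on source side.
        counter name ip saddr . udp sport map @voipcounters_reply

        #...
    }
}
```

Packets whose address and port pair is not in the map are not counted and continue to the next rule, so new ports are added as map elements without touching the chain.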