Am 2. April 2021 19:16:50 MESZ schrieb Frank Myhr <fmyhr@xxxxxxxxxxx>:
>On 2021/04/01 12:42, Anton Rieger wrote:
>> On Thu, Apr 01, 2021 at 10:08:32AM +0200, Frank Wunderlich wrote:
>>> made a little python-script (not yet with error-handling) to read
>out
>>> the bytes:
>>>
>>> import os
>>> import json
>>>
>>>
>>> def getCounter(countername):
>>> stream = os.popen('nft list counter filter '+countername+' -j')
>>> output = stream.read()
>>> #print(output)
>>> j=json.loads(output)
>>> return j["nftables"][0]["counter"]["bytes"]
>>>
>>> print(getCounter("voip1"),"bytes")
>>> print(getCounter("voip2"),"bytes")
>
>Nice!
>Anton & Frank W., is it OK with you if I include your examples in the
>nftables wiki?
My part is ok to include in wiki...i have posted to share :) maybe in combination with the rules (old version commented out and with map) to have full example
define ipvoipbox=192.168.0.8
table ip filter {
map voipcounters {
type inet_service : counter
elements = { 5160 : "voip1", 5161 : "voip2" }
}
chain FORWARD {
#ip saddr $ipvoipbox udp dport 5160 counter name voip1 comment "counting packets for SIP1"
#ip daddr $ipvoipbox udp dport 5160 counter name voip1 comment "counting packets for SIP1"
#ip saddr $ipvoipbox udp sport 5161 counter name voip2 comment "counting packets for SIP2"
#ip daddr $ipvoipbox udp dport 5161 counter name voip2 comment "counting packets for SIP2"
ip saddr $ipvoipbox counter name udp sport map @voipcounters
ip daddr $ipvoipbox counter name udp dport map @voipcounters
}
counter voip1 {
}
counter voip2 {
}
}
regards Frank
