On Thu, Aug 31, 2023 at 10:32 AM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Thu, Aug 31, 2023 at 10:25:15AM -0500, Matt Zagrabelny wrote:
> > Is there a way to count the packets that get evaluated by the default
> > policy of a chain?
> >
> > I know I can put a counter after all my rules, but it seems like it
> > would be nicer to somehow integrate it into:
> >
> > chain IN {
> >     type filter hook input priority filter; policy drop;
> >
> > for example:
> >
> > chain IN {
> >     type filter hook input priority filter; policy counter drop;
>
> Perhaps you mean something like this syntax:
>
>     type filter hook input priority filter; counter; policy drop;
>
> to enable basechain counters.
>
> No, this is not supported.
>
> > ...but the above fails.
>
> You have to place a counter after all your rules to count those that
> reach the basechain as you suggest.

Would netfilter-dev consider a feature request for adding a "counter"
option to the policy section of a chain? Or has it already been
suggested and rejected?

Thank you for the dialogue!

-m
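
The workaround described in the thread (a counter placed after all other rules of the base chain), written out as an added example that is not part of the original messages. The table name `filter`, the counter name `policy_drops` and the accept rules are constructed for illustration; only the `chain IN` header line comes from the thread.

```nftables
# Added example: table name, counter name and accept rules are constructed.
table inet filter {
    # Named counter object, so the value can be read by name
    # instead of looking up the rule handle.
    counter policy_drops {
        packets 0 bytes 0
    }

    chain IN {
        type filter hook input priority filter; policy drop;

        ct state established,related accept
        iif "lo" accept
        tcp dport 22 accept

        # Must stay the last rule: a packet that reaches this line got no
        # verdict from any rule above and falls through to "policy drop".
        # Rules appended later with "nft add rule" land below it and skew
        # the count; use "nft insert rule" or a position/handle instead.
        counter name "policy_drops"
    }
}

# Read:  nft list counter inet filter policy_drops
# Reset: nft reset counter inet filter policy_drops
```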