You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31 lines
1.0 KiB
31 lines
1.0 KiB
The nfacct match provides the extended accounting infrastructure for iptables.
|
|
You have to use this match together with the standalone user-space utility
|
|
.B nfacct(8)
|
|
.PP
|
|
The only option available for this match is the following:
|
|
.TP
|
|
\fB\-\-nfacct\-name\fP \fIname\fP
|
|
This allows you to specify the existing object name that will be use for
|
|
accounting the traffic that this rule-set is matching.
|
|
.PP
|
|
To use this extension, you have to create an accounting object:
|
|
.IP
|
|
nfacct add http\-traffic
|
|
.PP
|
|
Then, you have to attach it to the accounting object via iptables:
|
|
.IP
|
|
iptables \-I INPUT \-p tcp \-\-sport 80 \-m nfacct \-\-nfacct\-name http\-traffic
|
|
.IP
|
|
iptables \-I OUTPUT \-p tcp \-\-dport 80 \-m nfacct \-\-nfacct\-name http\-traffic
|
|
.PP
|
|
Then, you can check for the amount of traffic that the rules match:
|
|
.IP
|
|
nfacct get http\-traffic
|
|
.IP
|
|
{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = http-traffic;
|
|
.PP
|
|
You can obtain
|
|
.B nfacct(8)
|
|
from http://www.netfilter.org or, alternatively, from the git.netfilter.org
|
|
repository.
|