| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Filter feature is working through NFACCT_FILTER netlink attribute.
If kernel doesn't support it, client will not get an error
and silently will work as before.
This patch adds following command line arguments: counters, overquota,
bytes-quota, pkts-quota. Which could be used with list operation.
Combination of these command line options isn't allowed.
For example.
user@root:/#nfacct list counters
will show counters without byte/packet based quota
user@root:/#nfacct list reset overquota
will reset value for overquoted counters only
Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The accounting framework now supports quota at the packet and byte
level. The tool is simply enhanced with two optional arguments to
specify the whether accounting for byte of packet and the limit
associated with each. Also adding a monitor mode that listens for
quota attainment notification.
Examples:
/* create an accounting object that isn't associated to a quota */
$ nfacct add first_no_quota
/* create a quota object with byte count limited to 50 byte */
$ nfacct add second_quota byte 50
/* create a quota object with packet count limited to 5 */
$ nfacct add third_quota packet 5
From there the accounting objects can be used in iptables the same
way as they did before:
/* limit the number of icmp packets allowed through the OUTPUT chain */
$ iptables -I OUTPUT -p icmp -m nfacct --nfacct-name third_quota -j REJECT
/* listening for quota attainment notification */
$ nfacct monitor
Everything else works the same way.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|