author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-03-27 10:23:49 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-03-27 10:51:55 +0200 |
commit | f233df44196f568075a5d70fc29f31b72b512783 (patch) | |
tree | 480b5f42fdb8b57f7ad4b0eecfa83ebeba05d8e2 /extensions/libxt_nfacct.man | |
parent | c0aa38e22e8a09fcb1898ad0e042eaf6314d2d42 (diff) |
extensions: add nfacct match
This patch provides the user-space iptables support for the nfacct match.
This can be used as follows:
nfacct add http-traffic
iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic
iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic
nfacct get http-traffic
See also man nfacct(8) for more information.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_nfacct.man')
-rw-r--r-- | extensions/libxt_nfacct.man | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/extensions/libxt_nfacct.man b/extensions/libxt_nfacct.man new file mode 100644 index 00000000..b755f977 --- /dev/null +++ b/extensions/libxt_nfacct.man @@ -0,0 +1,30 @@ +The nfacct match provides the extended accounting infrastructure for iptables. +You have to use this match together with the standalone user-space utility +.B nfacct(8) +.PP +The only option available for this match is the following: +.TP +\fB\-\-nfacct\-name\fP \fIname\fP +This allows you to specify the existing object name that will be use for +accounting the traffic that this rule-set is matching. +.PP +To use this extension, you have to create an accounting object: +.IP +nfacct add http\-traffic +.PP +Then, you have to attach it to the accounting object via iptables: +.IP +iptables \-I INPUT \-p tcp \-\-sport 80 \-m nfacct \-\-nfacct\-name http\-traffic +.IP +iptables \-I OUTPUT \-p tcp \-\-dport 80 \-m nfacct \-\-nfacct\-name http\-traffic +.PP +Then, you can check for the amount of traffic that the rules match: +.IP +nfacct get http\-traffic +.IP +{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = http-traffic; +.PP +You can obtain +.B nfacct(8) +from http://www.netfilter.org or, alternatively, from the git.netfilter.org +repository. |
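Review bot: The \-\-nfacct\-name description has a typo and an imprecise term: "that will be use for" should read "that will be used for", and "this rule-set is matching" is better as "this rule matches", since the option is given per rule. In the step after "nfacct add http\-traffic", the sentence "you have to attach it to the accounting object via iptables" makes "it" refer to the accounting object itself; suggest "Then, you have to attach iptables rules to the accounting object:". The sample output line leaves the hyphen in "http-traffic" unescaped while every other occurrence in the file is written "http\-traffic"; escape it so the page renders consistently. Because the option takes an "existing object name", the text should also say explicitly that the object has to be created with nfacct add before the rule is inserted, rather than leaving that to the order of the examples.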