path: root/extensions/
diff options
Diffstat (limited to 'extensions/')
1 files changed, 30 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
new file mode 100644
index 00000000..b755f977
--- /dev/null
+++ b/extensions/
@@ -0,0 +1,30 @@
+The nfacct match provides the extended accounting infrastructure for iptables.
+You have to use this match together with the standalone user-space utility
+.B nfacct(8)
+The only option available for this match is the following:
+\fB\-\-nfacct\-name\fP \fIname\fP
+This allows you to specify the existing object name that will be use for
+accounting the traffic that this rule-set is matching.
+To use this extension, you have to create an accounting object:
+nfacct add http\-traffic
+Then, you have to attach it to the accounting object via iptables:
+iptables \-I INPUT \-p tcp \-\-sport 80 \-m nfacct \-\-nfacct\-name http\-traffic
+iptables \-I OUTPUT \-p tcp \-\-dport 80 \-m nfacct \-\-nfacct\-name http\-traffic
+Then, you can check for the amount of traffic that the rules match:
+nfacct get http\-traffic
+{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = http-traffic;
+You can obtain
+.B nfacct(8)
+from or, alternatively, from the