
iptables: reading counters



Hi!

I have an 'accept' chain, which looks like this:

 pkts bytes target     prot opt in     out     source               destination
  123  3444 ACCEPT     all  --  eth0   *       0.0.0.0/0            1.2.3.4/32
  456 23334 ACCEPT     all  --  eth0   *       0.0.0.0/0            1.2.3.5/32
  789 32345 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
[...]

This lets me collect packet and byte counts for different kinds of traffic. In
order to generate nice graphs, I need to read those counts from
'iptables -L -vn --exact' output.

However, the uncomfortable part is finding out which counters are for which
traffic. Currently I use awk and match the fields against a parameter like this:

s == "foo-out"          && $7 == "eth2" && $8 == "eth1" && $9  == "192.168.254.2"  ||
s == "bar-out"          && $7 == "eth2" && $8 == "eth3" && $9  == "192.168.254.2"  ||
[...]
s == "other"                                            && $9  == "192.168.0.0/24" { print $3 " " $2 ; exit }

But this gets very complicated when I want to differentiate between port
numbers etc.

Therefore I would like to somehow attach a "label" (like "server-in" or
"lan-http" or "other") directly to iptables -L output. Then I would just have
to use the label in two places: the chain setup script, and the counter reading
script. Is there some way to do that? I don't want to use line numbers, since
they change too much and way too often (e.g. at the time any rule is removed).

regards,

Marcin
-- 
Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
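One way to attach such a label, added here as an example and not part of the original post: the iptables comment match (-m comment --comment, which needs the xt_comment kernel module) tags a rule with free text that iptables -L -v prints as /* text */, so the counter-reading script can select rules by label instead of by column position. The chain name, labels and addresses below come from the post; the port, the exact rule set and the counter values in the sample output are assumptions.

```shell
#!/bin/sh
# Added example, not the original poster's code. Assumes iptables with the
# comment match (xt_comment) is available for setup_chain; counters_for_label
# only needs awk and works on captured 'iptables -L accept -vnx' output.

# Chain setup: every accounting rule carries its label via -m comment.
# The same label string is the only thing the reading script needs to know.
setup_chain() {
    iptables -N accept 2>/dev/null
    iptables -A accept -i eth0 -d 1.2.3.4 -m comment --comment "server-in" -j ACCEPT
    iptables -A accept -i eth0 -d 1.2.3.5 -p tcp --dport 80 \
        -m comment --comment "lan-http" -j ACCEPT
    iptables -A accept -i eth1 -m comment --comment "other" -j ACCEPT
}

# Counter reading: print "pkts bytes" for the rule whose comment equals $1.
# Reads 'iptables -L accept -vnx' output on stdin (-x gives exact counters);
# the comment appears as "/* label */" at the end of the rule line.
# Exit status is 1 when no rule carries the requested label.
counters_for_label() {
    awk -v want="$1" '
        match($0, /\/\* .* \*\//) {
            # strip the "/* " and " */" around the label
            label = substr($0, RSTART + 3, RLENGTH - 6)
            if (label == want) { print $1 " " $2; found = 1; exit }
        }
        END { if (!found) exit 1 }
    '
}

# Constructed sample of what 'iptables -L accept -vnx' prints for the rules
# above; the counter values are made up for the demonstration.
SAMPLE='Chain accept (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     123       3444 ACCEPT     all  --  eth0   *       0.0.0.0/0            1.2.3.4/32           /* server-in */
     456      23334 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            1.2.3.5/32           tcp dpt:80 /* lan-http */
     789      32345 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            /* other */'

# Live use would be: iptables -L accept -vnx | counters_for_label lan-http
printf '%s\n' "$SAMPLE" | counters_for_label lan-http
```

Because the label travels with the rule, inserting or deleting other rules in the chain no longer shifts which line the reading script picks up.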