Re: iptables: reading counters

To: debian-firewall@lists.debian.org
Subject: Re: iptables: reading counters
From: Marcin Owsiany <porridge@debian.org>
Date: Thu, 6 Jan 2005 14:20:57 +0100
Message-id: <20050106132057.GB21137@melina11.ds11.agh.edu.pl>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <20050106125118.GL6908@hezmatt.org>
References: <20050106124739.GA21137@melina11.ds11.agh.edu.pl> <20050106125118.GL6908@hezmatt.org>

On Thu, Jan 06, 2005 at 11:51:18PM +1100, Matthew Palmer wrote:
> On Thu, Jan 06, 2005 at 01:47:39PM +0100, Marcin Owsiany wrote:
> > Therefore I would like to somehow attach a "label" (like "server-in" or
> > "lan-http" or "other") directly to iptables -L output. Then I would just have
> > to use the label in two places: the chain setup script, and the counter reading
> > script. Is there some way to do that? I don't want to use line numbers, since
> > they change too much and way too often (e.g.at the time any rule is removed).
> 
> I don't know how it does it, but have a look at ipac-ng

Thanks, looks nice, especially if I could add an RRD backend...

> -- it does precisely
> this same thing.  I don't think it uses any sort of tag thing.

Looks like it makes a note of the rules in /var/run/ipac.rules and then
uses line numbers on collect time.

Marcin
-- 
Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216

Reply to:

References:
- iptables: reading counters
  - From: Marcin Owsiany <porridge@debian.org>
- Re: iptables: reading counters
  - From: Matthew Palmer <mpalmer@debian.org>

Prev by Date: Re: iptables: reading counters
Next by Date: Re: no ipchains with 2.2/no network with 2.4
Previous by thread: Re: iptables: reading counters
Next by thread: Re: iptables: reading counters
Index(es):
- Date
- Thread