Re: iptables: reading counters

To: debian-firewall@lists.debian.org
Subject: Re: iptables: reading counters
From: Marcin Owsiany <porridge@debian.org>
Date: Sat, 8 Jan 2005 02:08:03 +0100
Message-id: <20050108010803.GA3271@melina11.ds11.agh.edu.pl>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <41DEE50E.4010805@sleepygeek.com>
References: <20050106124739.GA21137@melina11.ds11.agh.edu.pl> <41DEE50E.4010805@sleepygeek.com>

On Fri, Jan 07, 2005 at 11:37:50AM -0800, Nathan Barham wrote:
> Could you re-write your rules to be more specific and then use the
> protocol:port info to glean what type of traffic it is?

I'm not saying that it is impossible to do. In fact it is what I'm doing
at the moment. However it quickly becomes tedious and hard to maintain,
as the number of rules grows, since you need to specify ALL the
parameters twice - once in the chain setup rule, and once in the counter
collection script. One mistake, and the statistics are wrong.

What I would like to do, is to reduce the redundancy, by using some kind
of a label instead of all the parameters each time.

It looks like what I need to do is to write a script which will generate
the two forementioned scripts... or write my own iptables plugin :)

Marcin
-- 
Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216

Reply to:

References:
- iptables: reading counters
  - From: Marcin Owsiany <porridge@debian.org>
- Re: iptables: reading counters
  - From: Nathan Barham <nathan@sleepygeek.com>

Prev by Date: Re: iptables: reading counters
Next by Date: Re: iptables: reading counters
Previous by thread: Re: iptables: reading counters
Next by thread: Re: iptables: reading counters
Index(es):
- Date
- Thread