* Marcel Welschbillig (marcel@comdek.net.au) [011205 16:35]: > I have ip tables running and i did a test with the -c flag but i get the > following response. > > proxy:/home# iptables -A INPUT -s 10.10.1.31 -i eth0 -c ACCEPT > iptables v1.2.4: -c requires packet and byte counter > > What am i missing ? where do i get a packet and byte counter ?? -c is to *set* the packet and byte counts that are kept automatically by the system. You can see these counts by typing iptables -L -v, and you can zero them by using -z. You can set them to some number you like with something like -c 10 1000. To create a rule that does nothing but count, just create the rule without a target. Packets that match will increment the counts but continue down the chains as if they hadn't matched (didn't jump anywhere, so where else would they go?) something like iptables -A INPUT -s 10.10.1.31 -i eth0 and that's it! Then use iptables -L INPUT -v and pay attention to the columns listed on the left. good times, Vineet -- Satan laughs when # "I disapprove of what you say, but I will we kill each other. # defend to the death your right to say it." Peace is the only way. # --Beatrice Hall, The Friends of Voltaire, 1906
Attachment:
pgpzYNy822NCY.pgp
Description: PGP signature