Hello,
Whenever I add a rule to iptables, all of the policy counters reset. The counters for each individual rule remain intact; however, the main counter resets.
Here's what I mean:
Code:
[root] ~ # iptables -vL
Chain INPUT (policy ACCEPT 65M packets, 83G bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 50M packets, 30G bytes)
pkts bytes target prot opt in out source destination
[root] ~ # iptables -A INPUT -s 192.168.1.2 -j DROP
[root] ~ # iptables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any 192.168.1.2 anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
As you can see, when I added the rule, the counters under "policy" reset to 0. If I were to add another rule, the counters for the 192.168.1.2 rule would remain intact, but the counters for the policy would again be reset.
Code:
[root] ~ # iptables -vL
Chain INPUT (policy ACCEPT 12M packets, 14G bytes)
pkts bytes target prot opt in out source destination
44 9210 DROP all -- any any 192.168.1.2 anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 8756K packets, 10G bytes)
pkts bytes target prot opt in out source destination
[root] ~ # iptables -A INPUT -s 192.168.1.3 -j DROP
[root] ~ # iptables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
44 9210 DROP all -- any any 192.168.1.2 anywhere
0 0 DROP all -- any any 192.168.1.3 anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Is this expected behavior? Can it be fixed?
Code:
[root] ~ # iptables -V
iptables v1.4.10
[root] ~ # uname -a
Linux nas 2.6.36 #2 SMP Wed Nov 24 02:36:43 CET 2010 i686 i686 i386 GNU/Linux
Thank you!
-FM
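The save/restore workflow that carries counters across a rule change, plus a check that flags a policy-counter reset between two snapshots, as an added example that is not part of the original post. It works on the text format written by `iptables-save -c` (one `:CHAIN POLICY [pkts:bytes]` line per built-in chain) and feeds the edited text to `iptables-restore -c`, which reloads the recorded counters instead of zeroing them. The two snapshots below are constructed to mirror the numbers in the post, and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Constructed snapshot in `iptables-save -c` format, before adding a rule.
SAMPLE='# Generated by iptables-save v1.4.10
*filter
:INPUT ACCEPT [12000000:14000000000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8756000:10000000000]
[44:9210] -A INPUT -s 192.168.1.2/32 -j DROP
COMMIT
# Completed'

# Constructed snapshot after `iptables -A INPUT -s 192.168.1.3 -j DROP`,
# showing the policy counters zeroed as in the post.
SAMPLE_AFTER='# Generated by iptables-save v1.4.10
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[44:9210] -A INPUT -s 192.168.1.2/32 -j DROP
[0:0] -A INPUT -s 192.168.1.3/32 -j DROP
COMMIT
# Completed'

# Print "CHAIN pkts bytes" for each built-in chain's policy counters.
policy_counters() {
    printf '%s\n' "$1" | awk '/^:/ {
        chain = substr($1, 2)
        gsub(/\[|\]/, "", $3)        # strip the brackets around pkts:bytes
        split($3, c, ":")
        print chain, c[1], c[2]
    }'
}

# Append a rule to a chain in the saved text without touching any counter
# line. Piping the result into `iptables-restore -c` reloads the ruleset
# together with the recorded counters rather than resetting them.
add_rule_keep_counters() {
    # $1 = saved ruleset, $2 = chain, $3 = rule spec ("-s 192.168.1.3/32 -j DROP")
    printf '%s\n' "$1" | awk -v chain="$2" -v spec="$3" '
        /^COMMIT$/ { print "[0:0] -A " chain " " spec }
        { print }'
}

# Compare two snapshots and report chains whose policy packet counter went
# backwards; a monitoring job that computes traffic deltas should treat such
# a chain as reset rather than producing a negative value.
detect_resets() {
    # $1 = older snapshot, $2 = newer snapshot
    policy_counters "$1" | while read -r chain pk by; do
        now=$(policy_counters "$2" | awk -v c="$chain" '$1 == c { print $2 }')
        [ "${now:-0}" -lt "$pk" ] && echo "$chain reset ($pk -> $now)"
    done
    return 0
}

# Stand-alone demonstration on the constructed snapshots.
echo "== policy counters before =="
policy_counters "$SAMPLE"
echo "== resets observed after the rule add =="
detect_resets "$SAMPLE" "$SAMPLE_AFTER"
echo "== ruleset to feed into 'iptables-restore -c' =="
add_rule_keep_counters "$SAMPLE" INPUT "-s 192.168.1.3/32 -j DROP"
```

On a live box the same flow is `iptables-save -c > before.rules`, edit or append the rule line, then `iptables-restore -c < before.rules`; the counters in the `:CHAIN` lines and the `[pkts:bytes]` prefixes are restored as written.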