-   Linux - Networking (
-   -   iptables-save, iptables-restore, how to set up them in some script (

sarajevo 03-24-2008 03:32 AM

iptables-save, iptables-restore, how to set up them in some script
Hi all,

I was curious, regarding download and upload I made on monthly basis so I set up some small but functional download counter like this :

iptables -N download
iptables -N upload

iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j download
iptables -A OUTPUT -o eth1 -j upload
....some other rules...

and it works, precisly count how much MB I download.
Using iptables-save -c > state_download.txt I can save it and
iptables-restore -c < state_download.txt restore it.
But here I am in some kind of loop, how to set up the last two steps automaticaly be done during shutdown/start-up process ?

For start-up process it is easy ...update-rc.d and so on, but how when machine is shutdown to save current state of iptables counters in some file and after starting it again, to start count from values writen in previous session.
Thanks in advance


beadyallen 03-25-2008 12:39 AM

The exact specifics will depend on your distro, but in general, you want to make a script (or edit an existing one) that's run at run level 6 (which is the shutdown run level). For Fedora (which calls the same as at startup, just with a 'stop' argument), you could edit the /etc/rc.d/rc6.d/K74iptables script to add your save command into the 'stop' procedure (K74iptables is just a symlink to /etc/init.d/iptables). Have a look to see how your particular distro shuts itself down. It'll be something similar to what I've described.

Good luck

All times are GMT -5. The time now is 09:54 PM.