Originally Posted by OrcPeon
Say now I would like to reset A's stats ?
This is the inelegant part. You see, the kernel-level code for the quota match is very simple. An advantage of this is that code maintenance is very easy. A disadvantage is that there is no way to modify a state from userspace (i.e., you may only create and delete quotas, but once you’ve created them, they must run their course). This is different from other such netfilter modules (e.g., recent) which offer a /proc filesystem interface for managing their respective properties.
So the only way to “reset” a quota is to delete and re-add the rule. E.g., if you are resetting client A’s quota in the example from post four, try this:
iptables -D A 1
iptables -I A -m quota --quota 1073741824 -j ACCEPT
This sort of “reset” functionality may be added to a monthly cron script or the like.
An additional caveat (caused by the lack of /proc interface) is the inability to save the state and reload it. So once the router is powercycled, even if you use iptables-save, you will inadvertently reset the quota (i.e., there is as of yet no way to remember how much of the quota your client has used when you restart the computer). The only way to prevent this is to keep your computer running all the time (which is not so unusual for a router).
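The delete-and-re-add reset described in the post, written as a script a monthly cron job could call (an added example, not part of the original post). The function name `quota_reset_cmds`, the `--apply` switch and the sample rule listing are assumptions made for illustration; unlike the two commands above, it inserts the fresh rule before deleting the used one, so the chain is never without its quota rule.

```sh
#!/bin/sh
# Added example: reset every quota rule in a chain by re-creating it in place.
# Chain "A" and the rule shape come from the post; all other names are assumed.

# Constructed sample of `iptables -S A` output, used for a dry run.
SAMPLE_RULES='-N A
-A A -m quota --quota 1073741824 -j ACCEPT
-A A -j DROP'

# Read `iptables -S <chain>` output on stdin and print, for each quota rule,
# the commands that replace it at the same position with a fresh counter.
quota_reset_cmds() {
    chain=$1
    n=0
    while IFS= read -r line; do
        case $line in
            "-A $chain "*) n=$((n + 1)) ;;   # only -A lines are numbered rules
            *) continue ;;                   # skip -N / -P header lines
        esac
        case $line in
            *"-m quota "*)
                spec=${line#"-A $chain "}
                # The new rule takes position n and pushes the used one to n+1.
                printf '%s\n' "iptables -I $chain $n $spec"
                printf '%s\n' "iptables -D $chain $((n + 1))"
                ;;
        esac
    done
}

# Nothing is changed unless --apply is given (requires root).
# To preview: printf '%s\n' "$SAMPLE_RULES" | quota_reset_cmds A
if [ "${1:-}" = "--apply" ]; then
    iptables -S A | quota_reset_cmds A | sh -e
fi
```

Because each rule is rebuilt from the live listing, the quota size does not have to be repeated in the cron script.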