-   Linux - Networking (
-   -   iptables accounting rules (

petrax 10-29-2003 04:26 PM

iptables accounting rules
I am attempting to use ipac-ng to setup some ip-accounting rules with iptables.
I want to make sure I capturing all my internet traffic with these rules.

my net-config is LAN: eth0 Internet : ppp0
note my rp-pppoe is bound to eth0 as well.

internet download
# router
iptables -I INPUT 1 -i ppp0
# rest of network
iptables -I FORWARD -s -d ! -i eth0

I'm hoping that the FORWARD rule doesn't double count the INPUT rule.

clacour 11-10-2003 09:09 PM

I'm not absolutely certain, but I don't believe it will.

There are three built-in chains in the FILTER table: INPUT, FORWARD, and OUTPUT. From the description in the man page (man iptables), it seems pretty clear that it distiguishes between packets aimed at the box (INPUT) and packets just passing through (FORWARD).

Two comments:

What's the "-d !" for? Because of the stuff I just mentioned, I don't think the FORWARD rule would ever see such a packet, but I don't see any harm in leaving the possibility that it might route something to itself. (Actually, I just thought of something. I'm making a (possibly unwarranted) assumption that the box these rules are for is If it's not, ignore this.)

Second, you might want to change the "-I" to "-A". "-I" stands for insert, and it will insert the rule at the top of the chain. This means the last rule you have pertaining to a particular chain will be the first one checked (and the second-to-last will be the second checked, and so on until if finally gets to the first rule.)

Most people use "-A" (for append) so that the rules get added to the chain in the same order that they are in the iptables file. If you like RPN logic, there's nothing wrong with using the "-I", but I wanted to make sure you knew what it was doing.

Hope this helps,


All times are GMT -5. The time now is 04:21 AM.