2003-08-10 03:11:50 +02:00
|
|
|
#
|
|
|
|
|
# Shorewall version 1.4 - Accounting File
|
|
|
|
|
#
|
|
|
|
|
# /etc/shorewall/accounting
|
|
|
|
|
#
|
|
|
|
|
# Accounting rules exist simply to count packets and bytes in categories
|
|
|
|
|
# that you define in this file. You may display these rules and their
|
|
|
|
|
# packet and byte counters using the "shorewall show accounting" command.
|
|
|
|
|
#
|
2003-08-11 03:36:32 +02:00
|
|
|
# Please see http://shorewall.net/Accounting.html for examples and
|
|
|
|
|
# additional information about how to use this file.
|
2003-08-10 03:11:50 +02:00
|
|
|
#
|
2003-08-11 03:36:32 +02:00
|
|
|
# This file has two sections -- the first section is used to create a
|
|
|
|
|
# hierarchy of accounting chains. The second section creates rules to
|
|
|
|
|
# count traffic through your firewall.
|
|
|
|
|
#
|
|
|
|
|
# In the first section of this file, entries have the following columns:
|
|
|
|
|
#
|
|
|
|
|
# ACTION - Must contain CHAIN
|
|
|
|
|
#
|
|
|
|
|
# CHAIN - The name of a chain to create. Shorewall will create
|
|
|
|
|
# this chain. If the chain already exists, a warning
|
|
|
|
|
# message is issued and the entry is ignored.
|
|
|
|
|
#
|
|
|
|
|
# NEXT CHAIN - Optional - The name of a previously-created chain
|
|
|
|
|
#
|
|
|
|
|
# If the NEXT CHAIN column is empty then Shorewall will add a single
|
|
|
|
|
# RETURN rule to the chain named in the CHAIN column. If the NEXT
|
|
|
|
|
# CHAIN column is not empty then Shorewall will add a jump from the
|
|
|
|
|
# newly-created chain to the chain named in the NEXT CHAIN column.
|
|
|
|
|
#
|
|
|
|
|
#ACTION CHAIN NEXT CHAIN
|
|
|
|
|
|
|
|
|
|
# ADD YOUR CHAIN DECLARATIONS ABOVE THIS LINE
|
|
|
|
|
#
|
|
|
|
|
# Columns in the second section of this file are are:
|
2003-08-10 03:11:50 +02:00
|
|
|
#
|
2003-08-10 18:01:21 +02:00
|
|
|
# ACTION - What to do when a match is found.
|
|
|
|
|
#
|
|
|
|
|
# COUNT - Simply count the match and continue
|
|
|
|
|
# with the next rule
|
|
|
|
|
# DONE - Count the match and don't attempt
|
|
|
|
|
# to match any other accounting rules.
|
|
|
|
|
# <chain> - The name of a chain. Shoreall will
|
2003-08-11 03:36:32 +02:00
|
|
|
# create the chain automatically if
|
|
|
|
|
# it was not created by an earlier
|
|
|
|
|
# CHAIN declaration above.
|
2003-08-10 18:01:21 +02:00
|
|
|
#
|
2003-08-10 03:11:50 +02:00
|
|
|
# SOURCE - Packet Source
|
|
|
|
|
#
|
|
|
|
|
# The name of an interface, an address (host or net) or
|
|
|
|
|
# an interface name followed by ":"
|
|
|
|
|
# and a host or net address.
|
|
|
|
|
#
|
|
|
|
|
# DESTINATION - Packet Destination
|
|
|
|
|
#
|
|
|
|
|
# Format the same as the SOURCE column.
|
|
|
|
|
#
|
|
|
|
|
# PROTOCOL A protocol name (from /etc/protocols), a protocol
|
|
|
|
|
# number.
|
|
|
|
|
#
|
|
|
|
|
# DEST PORT Destination Port number
|
|
|
|
|
#
|
|
|
|
|
# Service name from /etc/services or port number. May
|
|
|
|
|
# only be specified if the protocol is TCP or UDP (6
|
|
|
|
|
# or 17).
|
|
|
|
|
#
|
|
|
|
|
# SOURCE PORT Source Port number
|
|
|
|
|
#
|
|
|
|
|
# Service name from /etc/services or port number. May
|
|
|
|
|
# only be specified if the protocol is TCP or UDP (6
|
|
|
|
|
# or 17).
|
|
|
|
|
#
|
2003-08-11 03:36:32 +02:00
|
|
|
# In all of the above columns except ACTION, the values "-", "any" and
|
|
|
|
|
# "all" may be used as wildcards
|
|
|
|
|
#
|
|
|
|
|
# Please see http://shorewall.net/Accounting.html for examples and
|
|
|
|
|
# additional information about how to use this file.
|
|
|
|
|
#
|
2003-08-10 18:01:21 +02:00
|
|
|
#ACTION SOURCE DESTINATION PROTOCOL DEST PORT SOURCE PORT
|
2003-08-11 04:12:48 +02:00
|
|
|
$
|
|
|
|
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
