diff --git a/docs/Accounting.xml b/docs/Accounting.xml index 1dd987f69..6e3663547 100644 --- a/docs/Accounting.xml +++ b/docs/Accounting.xml @@ -18,7 +18,7 @@ - 2003-2009 + 2003-2016 Thomas M. Eastep @@ -439,34 +439,7 @@ ACCOUNT(loc-net,$INT_NET) - INT_IF COM_IF Per-IP Accounting Shorewall 4.4.17 added support for per-IP accounting using the - ACCOUNT target. That target is only available when xtables-addons is - installed. This support has been successfully tested with xtables-addons - 1.32 on: - - - - Fedora 14 - - - - Debian Squeeze - - - - OpenSuSE 11.3 - - - - and xtables-addons Version 1.21 on: - - - - Debian Lenny - - - - Information about xtables-addons installation may be found at here. + ACCOUNT target. Per-IP accounting is configured in shorewall-accounting (5) @@ -567,35 +540,8 @@ gateway:~# purging and/or reloading the Netfilter ruleset. Shorewall support for this form of accounting was added in Shorewall 4.5.7. - As of this writing (late July 2012), Fedora 17 has partial support - for this feature but not all. It is necessary to download and build the - following: - - - - libnetfilter_acct - - - - nfacct - - - - The following Fedora packages are also required: - - - - libnetlink and libnetlink-dev - - - - libmnl and libmnl-dev - - - - The tarballs are available from the Netfilter download sites. - - The nfacct utility can create, delete and display nfacct + Use of this feature requires that the nfacct utility be installed. + The nfacct utility can create, delete and display nfacct objects. These named objects consist of a packet and byte counter. Packets matching those netfilter rules that use the nfacct match cause the packet and byte count in the object named in the match to be @@ -622,8 +568,8 @@ gateway:~# save - Causes the packet and byte counters to be saved along with - the chains and rules. + Causes the packet and byte counters to be saved along with the + chains and rules. @@ -632,7 +578,7 @@ gateway:~# Causes the packet and byte counters (if saved) to be restored - along with the chains and rules. + along with the chains and rules. If your iptables ruleset depends on variables that are @@ -652,7 +598,7 @@ gateway:~# effect if the option is also specified. If a previously-saved configuration is restored, then the packet and byte counters (if saved) will be restored along with the chains and - rules. + rules. If your iptables ruleset depends on variables that are @@ -684,8 +630,8 @@ gateway:~# - If you wish to (approximately) preserve the counters over a - possibly unexpected reboot, then: + If you wish to (approximately) preserve the counters over a possibly + unexpected reboot, then: