mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 22:30:58 +01:00
Some accounting fixes (code and docs)
parent
2af846ef9e
commit
303afe8c7e
@ -570,6 +570,7 @@ sub initialize( $ ) {
|
||||
FWMARK_RT_MASK => undef,
|
||||
MARK_ANYWHERE => undef,
|
||||
HEADER_MATCH => undef,
|
||||
ACCOUNT_TARGET => undef,
|
||||
CAPVERSION => undef,
|
||||
KERNELVERSION => undef,
|
||||
);
|
||||
|
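Review bot: the new `ACCOUNT_TARGET => undef` entry in `initialize` is the only code change in this commit, and the commit message ("Some accounting fixes") does not say what it fixes. Please state the symptom in the message, for example whether the missing initializer caused a warning or a wrong capability result. Also confirm that the other places that enumerate capabilities alongside `HEADER_MATCH` (detection, description, and anything keyed to `CAPVERSION`) already know about `ACCOUNT_TARGET`, since none of them appear in this diff.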
@ -124,6 +124,12 @@ Beta 3
|
||||
traffic (IP is SRC) are listed. The -f option causes the table to
|
||||
be flushed (reset all counters to zero).
|
||||
|
||||
One nice feature of per-IP accounting is that the counters survive
|
||||
'shorewall restart'. This has a downside, however. If you change
|
||||
the <network> associated with an accounting table, then you must
|
||||
"shorewall stop; shorewall start" to have a successful restart
|
||||
(counters will be cleared).
|
||||
|
||||
Beta 2
|
||||
|
||||
1) Traditionally, the -lite products have used the modules (or
|
||||
|
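Review bot: the added sentence `you must "shorewall stop; shorewall start" to have a successful restart` is ambiguous about the failure. It does not say whether a plain `shorewall restart` after changing the `<network>` errors out or silently keeps counting against the old network. Say which, and say what state the firewall is in between the stop and the start, because the reader is being told to take the ruleset down on a production box. Suggested wording: "If you change the <network> associated with an accounting table, 'shorewall restart' will not pick up the change; run 'shorewall stop' followed by 'shorewall start' instead (this clears the counters)."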
@ -262,8 +262,13 @@
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Versions of xtables-addons supporting the ACCOUNT target do not
|
||||
install successfully on Debian Lenny.</para>
|
||||
<para>and xtables-addons Version 1.21 on:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Debian Lenny</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Information about xtables-addons installation may be found at <ulink
|
||||
url="Dynamic.html#xtables-addons">here</ulink>.</para>
|
||||
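Review bot: the new `<para>and xtables-addons Version 1.21 on:</para>` is a sentence fragment that opens with a lowercase "and" right after a closed `</itemizedlist>`, so it only reads correctly if the preceding paragraph (not in this hunk) leads into it. Make it self-standing, for example "xtables-addons Version 1.21 has been tested on:". The text it replaces warned that versions supporting the ACCOUNT target do not install on Debian Lenny. If that is still true for versions other than 1.21, keep a one-line caveat so readers on Lenny do not reach for the latest release.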
@ -290,6 +295,12 @@
|
||||
notation. The network can be as large as a /8 (class A).</member>
|
||||
</simplelist>
|
||||
|
||||
<para>One nice feature of per-IP accounting is that the counters survive
|
||||
<command>shorewall restart</command>. This has a downside, however. If you
|
||||
change the network associated with an accounting table, then you must
|
||||
<command>shorewall stop; shorewall start</command> to have a successful
|
||||
restart (counters will be cleared). </para>
|
||||
|
||||
<para>Example: Suppose your WAN interface is eth0 and your LAN interface
|
||||
is eth1 with network 172.20.1.0/24. To account for all traffic between the
|
||||
WAN and LAN interfaces:</para>
|
||||
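Review bot: in the added paragraph, `<command>shorewall stop; shorewall start</command>` puts two commands and a shell separator inside one `<command>` element, and `(counters will be cleared). </para>` has a stray space before the closing tag. Mark the two commands up separately (`<command>shorewall stop</command>` followed by `<command>shorewall start</command>`) and drop the trailing space. The wording concern raised on the release-notes copy of this paragraph applies here as well.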
@ -299,9 +310,11 @@ ACCOUNT(net-loc,172.20.1.0/24) - eth0 eth1
|
||||
ACCOUNT(net-loc,172.20.1.0/24) - eth1 eth0</programlisting>
|
||||
|
||||
<para>This will create a <emphasis role="bold">net-loc</emphasis> table
|
||||
for counting packets and bytes for traffic between the two interfaces. The
|
||||
table is dumped using the <command>iptaccount</command> utility (part of
|
||||
xtables-addons):</para>
|
||||
for counting packets and bytes for traffic between the two
|
||||
interfaces.</para>
|
||||
|
||||
<para>The table is dumped using the <command>iptaccount</command> utility
|
||||
(part of xtables-addons):</para>
|
||||
|
||||
<programlisting><command>iptaccount [-f] -l net-loc</command></programlisting>
|
||||
|
||||
|
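Review bot: splitting the paragraph is fine, but the `iptaccount [-f] -l net-loc` listing that the new `<para>The table is dumped using ...` introduces still shows `[-f]` with no explanation in this article. The release notes in this same commit say `-f` flushes the table and resets all counters to zero. Repeat that here, because a reader who copies the command with `-f` loses the accumulated counts, and anything else polling the same table will see them reset.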
@ -109,6 +109,13 @@
|
||||
/8 (class A).</member>
|
||||
</simplelist>
|
||||
|
||||
<para>One nice feature of per-IP accounting is that the
|
||||
counters survive <command>shorewall restart</command>. This
|
||||
has a downside, however. If you change the network associated
|
||||
with an accounting table, then you must <command>shorewall
|
||||
stop; shorewall start</command> to have a successful restart
|
||||
(counters will be cleared).</para>
|
||||
|
||||
<para>The counters in a <replaceable>table</replaceable> are
|
||||
printed using the <command>iptaccount</command> utility. As of
|
||||
February 2011, the ACCOUNT Target capability and the
|
||||
|
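Review bot: this is the third copy of the counters-survive-restart paragraph in the commit (release notes, the accounting article, and this manpage), and in this copy the `<command>shorewall` / `stop; shorewall start</command>` element is broken across two source lines, which puts a newline inside the command text. Keep each `<command>` on one line, and if the wording is revised in one place, revise all three together so they do not drift apart.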