shorewall-accounting(5)
accounting - Shorewall Accounting file
/etc/shorewall/accounting
Description
Accounting rules exist simply to count packets and bytes in
categories that you define in this file. You may display these rules and
their packet and byte counters using the shorewall show
accounting command.
The columns in the file are as follows.
ACTION
What to do when a matching packet is found.
COUNT
Simply count the match and continue with the next rule.
DONE
Count the match and don't attempt to match any other
accounting rules in the chain specified in the CHAIN column.
chain[:COUNT]
Where chain is the name of a chain.
Shorewall will create the chain automatically if it doesn't
already exist. Causes a jump to that chain. If :COUNT is included, a counting rule
matching this record will be added to chain.
CHAIN
The name of a chain. If specified as "-", the accounting chain is assumed. This is the
chain where the accounting rule is added. The chain will be created
if it doesn't already exist.
SOURCE
Packet Source.
The name of an interface, an address (host or net) or an
interface name followed by ":" and a host or net address.
DESTINATION
Packet Destination.
Format same as SOURCE column.
PROTOCOL
A protocol name (from protocols(5)), a protocol number,
ipp2p, ipp2p:udp or ipp2p:all.
DEST PORT(S)
Destination Port number. If the PROTOCOL is ipp2p then this column must contain an ipp2p
option ("iptables -m ipp2p --help") without the leading "--". If no
option is given in this column, "ipp2p" is assumed.
Otherwise, a service name from services(5) or a port
number. A port may only be specified if the protocol is
tcp or udp (6 or 17).
You may place a comma-separated list of port numbers in this
column if your kernel and iptables include multiport match
support.
SOURCE PORT(S)
Source Port. Service name from services(5) or port
number. May only be specified if the protocol is TCP or
UDP (6 or 17).
You may place a comma-separated list of port numbers in this
column if your kernel and iptables include multiport match
support.
USER/GROUP
This column may only be non-empty if the SOURCE is the firewall itself.
The column may contain:
[!][user name or number][:group name or number][+program name]
When this column is non-empty, the rule applies only if the
program generating the output is running under the effective
user and/or group
specified (or is NOT running under that id if "!" is given).
Examples:
joe
program must be run by joe
:kids
program must be run by a member of the 'kids'
group
!:kids
program must not be run by a member of the 'kids'
group
+upnpd
program named upnpd
The ability to specify a program name was removed from
Netfilter in kernel version 2.6.14.
In all of the above columns except ACTION and CHAIN,
the values -, any and all may be
used as wildcards. Omitted trailing columns are also treated as
wildcards.
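The column rules above can be checked mechanically before a file is loaded. The linter below is an added example, not part of Shorewall or of the original page; it assumes the firewall itself is written as $FW in the SOURCE column, and the interface and chain names in its sample are constructed.

```python
COLUMNS = ["ACTION", "CHAIN", "SOURCE", "DESTINATION", "PROTOCOL",
           "DEST PORT(S)", "SOURCE PORT(S)", "USER/GROUP"]
WILDCARDS = {"-", "any", "all"}
PORT_PROTOCOLS = {"tcp", "udp", "6", "17"}
FIREWALL_SOURCE = "$FW"  # assumption: the token this setup uses for the firewall itself

def parse_rule(line):
    """Split one line into the eight columns; None for blank or comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if len(fields) > len(COLUMNS):
        raise ValueError("more than %d columns" % len(COLUMNS))
    fields += ["-"] * (len(COLUMNS) - len(fields))  # omitted trailing columns are wildcards
    rule = dict(zip(COLUMNS, fields))
    if rule["CHAIN"] == "-":
        rule["CHAIN"] = "accounting"  # "-" means the accounting chain
    return rule

def lint_rule(rule):
    """Return the column constraints from the text above that this rule violates."""
    problems = []
    chain, sep, suffix = rule["ACTION"].partition(":")
    if rule["ACTION"] not in ("COUNT", "DONE") and (not chain or (sep and suffix != "COUNT")):
        problems.append("ACTION must be COUNT, DONE, chain or chain:COUNT")
    proto = rule["PROTOCOL"].lower()
    if rule["DEST PORT(S)"] not in WILDCARDS and not (
            proto in PORT_PROTOCOLS or proto.startswith("ipp2p")):
        problems.append("DEST PORT(S) needs protocol tcp, udp or ipp2p")
    if rule["SOURCE PORT(S)"] not in WILDCARDS and proto not in PORT_PROTOCOLS:
        problems.append("SOURCE PORT(S) needs protocol tcp or udp")
    if rule["USER/GROUP"] not in WILDCARDS and rule["SOURCE"] != FIREWALL_SOURCE:
        problems.append("USER/GROUP needs SOURCE to be the firewall itself")
    return problems

def lint_file(text):
    """Map 1-based line number -> list of problems, for lines that have any."""
    rules = ((n, parse_rule(l)) for n, l in enumerate(text.splitlines(), 1))
    report = {n: lint_rule(r) for n, r in rules if r}
    return {n: p for n, p in report.items() if p}
# Constructed sample file (interface and chain names are made up).
SAMPLE = """\
web:COUNT  -    eth0  -  tcp   80,443
DONE       web
COUNT      -    eth1  -  icmp  25
COUNT      -    $FW   -  tcp   25  -  :mail
COUNT      -    eth0  -  udp   53  -  joe
web:DROP   -    eth0
"""
print(lint_file(SAMPLE))  # flags sample lines 3, 5 and 6
```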
FILES
/etc/shorewall/accounting
SEE ALSO
shorewall(8), shorewall-actions(5), shorewall-blacklist(5),
shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)