LINUX.ORG.RU
ФорумGeneral

IPTables


0

0 

Решил собирать трафик по IPTables.
Статью нашел по теме: http://www.opennet.ru/base/net/iptables_stat.txt.html

Только работает она не так:
# eth0-stat ; cat eth0.dat
2
0

Скачал полтора мегабайта:
# eth0-stat ; cat eth0.dat
2
0

-----------------------------------

# cat `which eth0-stat`
#!/bin/sh

IPT=/sbin/iptables
GREP=/bin/grep
AWK=/bin/awk

function getStat
{
        _INPUT=`$IPT -L INPUT -x -v |$GREP $1| $AWK '{print($2)}'`
        _FWD_IN=`$IPT -L FORWARD -x -v|$GREP $1|$GREP fwd_in| $AWK '{print($2)}'`
        _RX=`expr $_INPUT + $_FWD_IN`
        RX=`expr $_RX \/ 300` # one time per 5 mins = 300 secs

        _OUTPUT=`$IPT -L OUTPUT -x -v |$GREP $1| $AWK '{print($2)}'`
        _FWD_OUT=`$IPT -L FORWARD -x -v |$GREP $1|$GREP fwd_out| $AWK '{print($2)}'`    _TX=`expr $_OUTPUT + $_FWD_OUT`
        TX=`expr $_TX \/ 300`

        echo $RX > $2
        echo $TX >> $2
}

getStat eth0 /mine/temp/eth0.dat
#$IPT -Z

-----------------------------------

# iptables-save
# Generated by iptables-save v1.3.2 on Wed Oct  5 17:44:11 2005
*nat
:PREROUTING ACCEPT [351:9828]
:POSTROUTING ACCEPT [322:20819]
:OUTPUT ACCEPT [322:20819]
COMMIT
# Completed on Wed Oct  5 17:44:11 2005
# Generated by iptables-save v1.3.2 on Wed Oct  5 17:44:11 2005
*mangle
:PREROUTING ACCEPT [3845:2976763]
:INPUT ACCEPT [3845:2976763]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3545:443043]
:POSTROUTING ACCEPT [3545:443043]
COMMIT
# Completed on Wed Oct  5 17:44:11 2005
# Generated by iptables-save v1.3.2 on Wed Oct  5 17:44:11 2005
*filter
:INPUT DROP [351:9828]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:forward - [0:0]
:fwd_in - [0:0]
:fwd_out - [0:0]
:in_traf - [0:0]
:input - [0:0]
:output - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j input
-A FORWARD -i eth0 -j fwd_in
-A FORWARD -o eth0 -j fwd_out
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 32768:65535 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 32768:65535 -j ACCEPT
-A OUTPUT -o eth0 -j output
-A fwd_in -j forward
-A fwd_out -j forward
COMMIT

Я в IPTables не шарю, может подскажите, что не так.

somecore
() автор топика
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.
General