  1. #1

    iptables counting TCP

    I am trying to use iptables to count different types of packets.
    Actually http, sql, all tcp and udp. For the example here I will just
    show one command I did, but it is analogous for the others.
    To count http incoming, for instance, I do (this also goes into the
    /etc/sysconfig/iptables without the initial "iptables" and comments after)

    iptables -N HTTPIN # Create new chain
    iptables -I INPUT -p tcp -m tcp --dport 80 -j HTTPIN # port 80 incoming to chain
    iptables -I HTTPIN -j ACCEPT

    then at some point I do an iptables -L INPUT -xnv and I can grep the chain and count the
    bytes, then zero it (iptables -Z), wait 1/2 hour and repeat (via cronjob).

    Now this works fine (I also do with MYSQLIN, TCPIN, UDPIN and OUT). But I am

    1 - is this correct? Will it impede system performance, etc?
    2 - is the ACCEPT stuff necessary? They seem to be accepted anyway.
    3 - It seems to matter when you do TCP (all TCP) and HTTP (just port 80) which
    rule comes first?
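Added example, not from the thread above: a small POSIX shell script that does the "grep the chain and count the bytes" step of the cron job on the text that iptables -L CHAIN -xnv prints, and a wrapper for the read-then-zero cycle. The listing it parses is constructed by hand to look like that output (the chain names HTTPIN and TCPIN are the poster's; the packet and byte figures are made up), so the parser runs without iptables or root. The rule order in the sample INPUT chain also illustrates question 3: INPUT is matched top to bottom and the first rule whose target is ACCEPT (or another terminating target) ends the walk, so a catch-all "all TCP" rule placed above the port-80 rule would swallow the HTTP packets and leave HTTPIN at zero. Since each -I inserts at the top, the last -I you run ends up first.

```shell
#!/bin/sh
# Added example: total the per-rule counters of one chain from the text that
# `iptables -L <chain> -xnv` prints, then show the read-and-zero cron step.
#   -x  exact counters instead of 1K/2M abbreviations (needed for byte maths)
#   -n  no DNS lookups (faster, no blocking in cron)
#   -v  adds the pkts/bytes columns that we sum

# Constructed sample listing (hand-written, not captured from a real host).
# HTTPIN sits above TCPIN in INPUT, so port-80 packets are counted in HTTPIN
# and never reach the all-TCP rule; swap the two lines and HTTPIN stays at 0.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 1000 packets, 90000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    48000 HTTPIN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    4000   800000 TCPIN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain HTTPIN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120    48000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain TCPIN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    4000   800000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
'

# chain_counters CHAIN  (listing on stdin)
# Prints "<pkts> <bytes>" summed over every rule line of CHAIN. The policy
# counters on the "Chain INPUT (policy ...)" line are deliberately not added:
# they count packets that fell off the end of the chain, not rule matches.
chain_counters() {
    awk -v want="$1" '
        /^Chain /                          { in_chain = ($2 == want); next }
        in_chain && $1 == "pkts"           { next }            # column header
        in_chain && NF >= 2 && $1 ~ /^[0-9]+$/ { p += $1; b += $2 }
        END                                { printf "%d %d\n", p, b }'
}

chain_pkts()  { chain_counters "$1" | awk '{ print $1 }'; }
chain_bytes() { chain_counters "$1" | awk '{ print $2 }'; }

# Real-use wrapper for the half-hourly cron job (needs root and iptables, so it
# is not exercised offline). Combining -L with -Z lists the counters and zeroes
# them in the same call, so nothing arriving between "read" and "reset" is
# lost; passing the chain name zeroes only that chain, whereas a bare
# `iptables -Z` resets every chain at once.
collect_and_zero() {
    iptables -xnv -L "$1" -Z | chain_counters "$1"
}

# Offline demonstration on the constructed sample.
for c in HTTPIN TCPIN; do
    printf '%s: %s bytes\n' "$c" "$(printf '%s' "$SAMPLE_LISTING" | chain_bytes "$c")"
done
```

In cron you would call collect_and_zero HTTPIN, collect_and_zero TCPIN and so on and append the output with a timestamp to a log; the awk parser is the same either way, it only cares about the columns iptables prints.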


  2. #2
    Re (2), the ACCEPT is necessary only if there's a potential for it to be dropped later in the flow, or you otherwise want the flow to accept & stop at that point for the given packet.

    In the case of your example, the ACCEPT is unnecessary, as I believe the packet will already get accepted since that's the end of the script. However, other scripts may DROP everything at the end, in which case you'd explicitly want to ACCEPT.
