Hi!
I have an 'accept' chain, which looks like this:
pkts bytes target prot opt in out source destination
123 3444 ACCEPT all -- eth0 * 0.0.0.0/0 1.2.3.4/32
456 23334 ACCEPT all -- eth0 * 0.0.0.0/0 1.2.3.5/32
789 32345 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
[...]
This lets me collect packet and byte counts for different kinds of traffic. In order to generate nice graphs, I need to read those counts from 'iptables -L -vn --exact' output.
However the uncomfortable part is finding out which counters are for which traffic. Currently I use awk and match stuff to a parameter like this:
s == "foo-out" && $7 == "eth2" && $8 == "eth1" && $9 == "192.168.254.2" ||
s == "bar-out" && $7 == "eth2" && $8 == "eth3" && $9 == "192.168.254.2" ||
[...]
s == "other" && $9 == "192.168.0.0/24" { print $3 " " $2 ; exit }
But this gets very complicated when I want to differentiate between port numbers etc.
Therefore I would like to somehow attach a "label" (like "server-in" or "lan-http" or "other") directly to iptables -L output. Then I would just have to use the label in two places: the chain setup script, and the counter reading script. Is there some way to do that? I don't want to use line numbers, since they change too much and way too often (e.g. at the time any rule is removed).
regards,
Marcin
I may not understand what you're trying to do, and I'm no good with awk, but I'm pretty sure that the output of iptables -L -vn will be explicit if your iptables rule is explicit. i.e.
This rule . . .
$IPTABLES -A INPUT -i $EXT_IF -j ACCEPT
just shows up as
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
But this rule with a specific protocol and port specified . . .
$IPTABLES -A INPUT -i $EXT_IF -p tcp -s $ADMIN_IP -d $EXT_IP --dport 22:22 -j ACCEPT
Shows up with "tcp dpt:22" at the end, which allows you to identify it as ssh.
0 0 ACCEPT tcp -- eth0 * 65.100.35.140 66.253.12.168 tcp dpt:22
Could you re-write your rules to be more specific and then use the protocol:port info to glean what type of traffic it is?
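A counter reader along the lines of the awk above and of the reply's protocol:port suggestion, as an added example that is not from either poster: each label is defined once as a set of rule fields (interface, address, and the trailing match text such as "tcp dpt:22") and looked up in `iptables -L -vn --exact` output, with an error if the label matches zero or several rules. The sample listing is constructed, and the parser assumes the listing was taken without --line-numbers.

```python
"""Read packet/byte counters from `iptables -L -vn --exact` output by label."""

# Constructed sample listing (not from the thread); --exact keeps byte
# counts as plain integers instead of K/M suffixes, which the parser relies on.
SAMPLE_OUTPUT = """\
Chain accept (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     123       3444 ACCEPT     all  --  eth0   *       0.0.0.0/0            1.2.3.4/32
     456      23334 ACCEPT     all  --  eth0   *       0.0.0.0/0            1.2.3.5/32
     789      32345 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            1.2.3.5/32           tcp dpt:22
    1011      45678 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
"""

# Column order of `iptables -L -vn` without --line-numbers.
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")

# Label -> required field values; unspecified fields act as wildcards.
# "extra" is the trailing match text (e.g. "tcp dpt:22"), "" when absent.
LABELS = {
    "server-in": {"in": "eth0", "destination": "1.2.3.4/32"},
    "lan-ssh": {"in": "eth0", "destination": "1.2.3.5/32", "extra": "tcp dpt:22"},
    "other": {"in": "eth1", "destination": "0.0.0.0/0"},
}


def parse_rules(text):
    """Yield one dict per rule line, skipping chain and column headers."""
    for line in text.splitlines():
        parts = line.split(None, len(FIELDS))  # 10th part = remainder of line
        if len(parts) < len(FIELDS) or not parts[0].isdigit():
            continue
        rule = dict(zip(FIELDS, parts))
        rule["extra"] = parts[len(FIELDS)].strip() if len(parts) > len(FIELDS) else ""
        rule["pkts"], rule["bytes"] = int(rule["pkts"]), int(rule["bytes"])
        yield rule


def match_counters(text, want):
    """Return (pkts, bytes) of the single rule whose fields equal `want`."""
    hits = [r for r in parse_rules(text) if all(r[k] == v for k, v in want.items())]
    if len(hits) != 1:  # zero hits: rule removed; several: criteria too loose
        raise ValueError(f"{len(hits)} rules match {want}")
    return hits[0]["pkts"], hits[0]["bytes"]


def counters(text, label):
    """Look up a label from the shared table and return its (pkts, bytes)."""
    return match_counters(text, LABELS[label])
```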