Thomas,

Create a rule for each possible source address, i.e.:

    for i in 127.0.0.1 192.168.1.1 192.168.1.2 192.168.1.3; do
        ipchains -A input -s $i
    done

That will set up counters for traffic coming from 127.0.0.1, 192.168.1.1,
192.168.1.2, and 192.168.1.3, all with their own counters.

Alternatively, you could do this:

    ipchains -N incoming
    ipchains -A incoming
    for i in 127.0.0.1 192.168.1.1 192.168.1.2 192.168.1.3; do
        ipchains -A input -s $i -j incoming
    done

Notice the ipchains -A incoming line; that creates a no-op rule whose sole
purpose is for the counters attached to each rule. It would match _all_
packets, but not alter them in any way -- just count them. In addition, the
rules for each host (with `-j incoming' on the end) would also have their
own, separate counters.

This entire rule set does nothing to incoming packets other than to count
them.

Regards,
Alex.

---
PGP/GPG Fingerprint:
  EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9

On Fri, 14 Jul 2000, Thomas Guettler wrote:

> Thanks, Leen, Alexander and Tim for your answers.
>
> I found the solution. I produced the traffic myself.
> I did "ipchains -v -L" every second in a script to see what happens
> on my network. I am interested in the amount of traffic, at the moment.
> But ipchains itself displays IP addresses with names, not numbers,
> so I had several DNS queries every second!
> Now I do "watch -n 1 -d 'echo started at: $DATE_START; ipchains -vn -L'"
> (-n!) and it works fine.
>
> Alexander, you said I shouldn't use "-j ACCEPT", but I want
> to split the traffic in three categories:
> from 127.*, from company addresses and from rest.
> Unfortunately you can't use boolean operators in "-s / -d".
> "-s (127.0.0.0/8 | 192.168.0.0/16)" would be cool.
> Is there a way of doing this?
>
> That's why I use "-j rule" at the moment. I want to change
> ACCEPT to my_rule someday if I have time to.
>
> # count access from localhost
> ipchains -A input -s 127.0.0.0/8 -i lo -j ACCEPT
> # count access from gurkensalat (localhost)
> ipchains -A input -s gurkensalat -j ACCEPT
> # count access from internal network
> ipchains -A input -s 193.101.57.0/24 -j ACCEPT
> # count access from rest (internet)
> ipchains -A input -j ACCEPT
>
> --
> Thomas Guettler
> Office:
> <[EMAIL PROTECTED]> http://www.interface-business.de
> Private:
> <[EMAIL PROTECTED]> http://yj.org/guettli
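Added example (not part of either message above): a dry-run generator that applies the shared-chain technique from the reply to the three categories asked about in the quoted message, so that several source networks feed one counter without any ACCEPT target. The chain names acctlo and acctco and the function names are made up for illustration; the networks are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example: print ipchains commands for per-category traffic accounting.
# Nothing is applied here; review the output, then run it as root.

# emit_category CHAIN NET...
# Several sources jump to one user-defined chain. That chain holds a single
# rule with no target, so it only counts. This gives the effect of
# "-s (net1 | net2)". Networks within one category must not overlap,
# or a packet is counted twice.
emit_category() {
    chain=$1
    shift
    # ipchains limits chain names to 8 characters.
    if [ "${#chain}" -gt 8 ]; then
        echo "chain name too long: $chain" >&2
        return 1
    fi
    echo "ipchains -N $chain"
    echo "ipchains -A $chain"
    for net in "$@"; do
        echo "ipchains -A input -s $net -j $chain"
    done
}

emit_ruleset() {
    emit_category acctlo 127.0.0.0/8
    emit_category acctco 192.168.0.0/16 193.101.57.0/24
    # A packet that reaches the end of a user-defined chain returns to the
    # input chain, so this last rule (no source, no target) counts every
    # packet. "rest" = this total - acctlo - acctco.
    echo "ipchains -A input"
}

emit_ruleset
```

Read the per-category totals from the single rule inside each chain with ipchains -vn -L, as in the quoted message.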

