and_woox

Traffic counter for an internal client


I'm working with connbytes to limit the amount of traffic (in/out) for a client in my network, but to no avail.

For example, if I would like to limit all traffic (not restricted to one client), I could use:

# --connbytes-dir and --connbytes-mode are required by the connbytes match
iptables -A INPUT -m connbytes --connbytes 10000:100000 --connbytes-dir both --connbytes-mode bytes -j DROP

How would I specify an IP?

How can I reset this counter every month?

Thank you


Maybe something like:

# -s selects the client as the source address; --connbytes-dir and --connbytes-mode are required by the match
iptables -A INPUT -s x.x.x.x -m connbytes --connbytes 10000:100000 --connbytes-dir both --connbytes-mode bytes -j DROP

replacing x.x.x.x with the IP you want to monitor as the source IP. If it's a destination IP instead, change -s to -d.


iptables-save and iptables-restore will reset counters

iptables-save and iptables-restore will reset counters

For me to use these commands I will have to work with other iptables commands.

Is there a way for me to reset the counter in a direct way?


I'm not sure how much more direct you can get than using iptables-save and iptables-restore :unsure:

However, if iptables is configured correctly on an rpm distro, you can probably just do this with:

service iptables restart

or restart the service in the GUI if you prefer not to use the command line. Make sure that /etc/sysconfig/iptables is configured to save any rules when it shuts down. Also, if you wanted to restart the service at the end of the month, for example because you were monitoring for a month, you'd schedule a job in /etc/cron.monthly to restart the service for you. Then just sit back and never have to reset it yourself.


Thanks for the tip.

I used this script for connbytes:

# drop the packets of any connection from this client once it has carried 3,000,000 bytes or more
iptables -A INPUT -s 198.168.1.196 -m connbytes --connbytes 3000000: --connbytes-dir both --connbytes-mode bytes -j DROP

but my connection kept going.

Do you see anything missing?


Looking at the iptables man page:

connbytes
   Match by how many bytes or packets a connection (or one of the two
   flows constituting the connection) has transferred so far, or by
   average bytes per packet.

   The counters are 64-bit and are thus not expected to overflow ;)

   The primary use is to detect long-lived downloads and mark them to be
   scheduled using a lower priority band in traffic control.

   The transferred bytes per connection can also be viewed through
   /proc/net/ip_conntrack and accessed via ctnetlink

   [!] --connbytes from:[to]
          match packets from a connection whose packets/bytes/average
          packet size is more than FROM and less than TO bytes/packets. If
          TO is omitted, only the FROM check is done. "!" is used to match
          packets not falling in the range.

It looks OK, so I don't know why; I've never tried it myself.

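Putting the thread's pieces together as an added example (this is not a script from any of the posters): the connbytes rule with the two options the match insists on, and the monthly reset from cron.monthly suggested above. It assumes, hypothetically, that the Linux box is the gateway for LAN client 192.168.1.196 (so the client's packets cross FORWARD rather than INPUT), and that iptables-save writes to /etc/sysconfig/iptables as on the rpm distro mentioned. It also adds the -m quota match, which nobody in the thread mentions: connbytes caps each connection separately, while quota keeps one running byte budget for the client, which is what a monthly per-client limit needs. The CLIENT_QUOTA chain name is made up for the example.

```shell
#!/bin/sh
# Added example, not a script from the thread. Assumptions (hypothetical):
# this Linux box is the gateway for LAN client 192.168.1.196, so the client's
# traffic crosses the FORWARD chain (INPUT/OUTPUT only apply when the box
# itself is the endpoint). Without APPLY=1 every iptables command is printed
# instead of executed, so the rules can be reviewed before loading as root.

CLIENT="${CLIENT:-192.168.1.196}"
CHAIN="${CHAIN:-FORWARD}"
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"  # where iptables-save writes on rpm distros

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# connbytes caps each CONNECTION (conntrack entry), not the host's total.
# --connbytes-dir and --connbytes-mode are mandatory; iptables refuses the
# rule without them. "3000000:" means 3,000,000 bytes or more, no upper bound.
# Needs conntrack byte accounting (sysctl net.netfilter.nf_conntrack_acct);
# if that is 0 the match never fires.
connbytes_rule() {
    # $1 client IP   $2 byte threshold   $3 original|reply|both
    run iptables -A "$CHAIN" -s "$1" -m connbytes --connbytes "$2": \
        --connbytes-dir "$3" --connbytes-mode bytes -j DROP
}

# quota keeps a single running byte budget across every matching packet, i.e.
# the "traffic in+out per client" the question asks for. Both directions jump
# to one chain so they share the budget; once it is spent the ACCEPT stops
# matching and the DROP below it takes over. CLIENT_QUOTA is an invented name.
quota_rules() {
    # $1 client IP   $2 budget in bytes
    run iptables -N CLIENT_QUOTA
    run iptables -A "$CHAIN" -s "$1" -j CLIENT_QUOTA
    run iptables -A "$CHAIN" -d "$1" -j CLIENT_QUOTA
    run iptables -A CLIENT_QUOTA -m quota --quota "$2" -j ACCEPT
    run iptables -A CLIENT_QUOTA -j DROP
}

# Monthly reset, the cron.monthly idea from the thread. Reloading the saved
# rule set recreates the quota match, so its remaining budget starts over, and
# the rule counters are zeroed because iptables-save omits them without -c.
# connbytes state lives in the conntrack table, not in the rules, so a reload
# does not touch it; only the connection ending (or a conntrack flush) does.
monthly_reset_script() {
    cat <<EOF
#!/bin/sh
# /etc/cron.monthly/reset-client-quota
iptables-restore < $RULES_FILE
EOF
}

# Per-connection cap of 3 MB in either direction, plus a 3 GB running budget.
connbytes_rule "$CLIENT" 3000000 both
quota_rules "$CLIENT" 3000000000
if [ "${APPLY:-0}" = 1 ]; then iptables-save > "$RULES_FILE"; fi
```

Run it once without APPLY to see the exact commands, then with APPLY=1 as root. Two things to check if a connbytes rule seems to do nothing: iptables -L FORWARD -v -x -n shows whether the rule is being hit at all, and sysctl net.netfilter.nf_conntrack_acct shows whether conntrack is counting bytes. Note that iptables-restore resets rule counters and the quota budget but not connbytes state, which is per connection in the conntrack table.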