Using IP Accounting Results
It is all very well to be collecting this information, but how do we actually get to see it? To view the collected accounting data and the configured accounting rules, we use our firewall configuration commands, asking them to list our rules. The packet and byte counters for each of our rules are listed in the output.
The ipfwadm, ipchains, and iptables commands differ in how accounting data is handled, so we will treat them independently.
Listing Accounting Data with ipfwadm
The most basic means of listing our accounting data with the ipfwadm command is to use it like this:
# ipfwadm -A -l
IP accounting rules
pkts bytes dir prot source destination ports
9833 2345K i/o all 172.16.3.0/24 anywhere n/a
56527 33M i/o all 172.16.4.0/24 anywhere n/a
This will tell us the number of packets sent in each direction. If we use
the extended output format with the -e
option (not shown here because the
output is too wide for the page), we are also supplied the options and
applicable interface names. Most of the fields in the output will be
self-explanatory, but the following may not:
- dir
The direction in which the rule applies. Expected values here are
in
,out
, ori/o
, meaning both ways.- prot
The protocols to which the rule applies.
- opt
A coded form of the options we use when invoking ipfwadm.
- ifname
The name of the interface to which the rule applies.
- ifaddress
The address of the interface to which the rule applies.
By default, ipfwadm displays the packet and byte counts in ...
Get Linux Network Administrator's Guide, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.