* Iptables counting with Layer7 patch
From: Douglas Lane @ 2005-06-06 11:36 UTC
  To: netfilter


Hi All,

I am wondering if it's possible to set up counters using mark under MANGLE to
mark certain packets that get tagged by the Layer7 patch.

Basically I want to take certain traffic (such as VoIP, HTTP, FTP, etc.) and
mark it on INPUT, OUTPUT and FORWARD chains and then use iptables -v to
get the packet statistics and log it into MRTG or something similar.

Is it possible, and any ideas how I go about doing this?

Thanks
Doug




* Re: Iptables counting with Layer7 patch
From: Andre Raabe @ 2005-06-07 15:25 UTC
  To: netfilter

On Mon, Jun 06, 2005 at 01:37:46PM +0200, Douglas Lane wrote:
> 
> Basically I want to take certain traffic (such as VoIP, HTTP, FTP, etc.) and
> mark it on INPUT, OUTPUT and FORWARD chains and then use iptables -v to
> get the packet statistics and log it into MRTG or something similar.
> 
Yes, it is possible. Try:
iptables -t mangle -A INPUT -m layer7 --l7proto http \
-j MARK --set-mark 1

iptables -t mangle -A FORWARD -m layer7 --l7proto http \
-j MARK --set-mark 2

iptables -t mangle -A OUTPUT -m layer7 --l7proto http \
-j MARK --set-mark 3

Get packet statistics with:

iptables -t mangle -L -n -v

Best regards,

-- 
Andre Raabe <andre.raabe@gmx.de>

GnuPG: 0xD275A240 | 8B69 EABD 46A4 3B88 354B A25C 4322 AC35 D275 A240
http://www.tuxknowledge.org | bash@jabber.ccc.de | encryption welcome
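
Added example (not part of the original thread, and not either poster's code): each rule's own counters increment on every layer7 match, so the statistics can be read per rule without consulting the mark. The script sums packets and bytes per chain and protocol from `iptables -t mangle -L -n -v -x` output on stdin (`-x` prints exact counts) and emits them in MRTG's four-line external-script form. The listing is constructed, its "LAYER7 l7proto" rendering is an assumption, and `sample_listing`, `l7_counters` and `l7_mrtg` are names made up here.

```shell
#!/bin/sh
# Added example: per-chain counters for layer7 rules, parsed from
# `iptables -t mangle -L -n -v -x` output supplied on stdin.

# Constructed sample listing (not captured from a real host). The
# "LAYER7 l7proto <name>" rendering of the match is an assumption.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 1200 packets, 98000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     420    51234 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http MARK set 0x1
      15     1800 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ftp MARK set 0x4

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    9000  7340032 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http MARK set 0x2
     100    64000 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http MARK set 0x2

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     310    20480 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http MARK set 0x3
EOF
}

# Print "CHAIN PROTO PACKETS BYTES", one line per chain/protocol pair,
# summing rules that match the same protocol in the same chain.
# %.0f keeps large byte counts exact in awk variants that would
# otherwise switch to exponent notation.
l7_counters() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $1 !~ /^[0-9]+$/ { next }          # column headers, blank lines
        {
            for (i = 3; i < NF; i++) if ($i == "l7proto") {
                key = chain " " $(i + 1)
                if (!(key in pk)) order[++n] = key
                pk[key] += $1; by[key] += $2
            }
        }
        END { for (j = 1; j <= n; j++)
                  printf "%s %.0f %.0f\n", order[j], pk[order[j]], by[order[j]] }
    '
}

# MRTG external-script form: value 1 (bytes here), value 2 (packets here),
# an uptime line, a target name. Unknown pairs report 0.
l7_mrtg() {   # usage: l7_mrtg CHAIN PROTO < listing
    l7_counters | awk -v c="$1" -v p="$2" '
        $1 == c && $2 == p { k = $3; b = $4 }
        END { printf "%.0f\n%.0f\nunknown\n%s/%s\n", b, k, c, p }'
}
```

On a live host, replace `sample_listing` with `iptables -t mangle -L -n -v -x`, for example `iptables -t mangle -L -n -v -x | l7_mrtg FORWARD http`.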
