Connection Stats per interface using iptables

Connection Stats per interface using iptables

[Shyam Prasad]

Hi All,

I need to get statistics like 
Total outgoing connections
Total incomming connections
Total Connections dropped 
Total TCP ,UDP data
and other protocol stats on "PER INTERFACE" basis.

Is there a way to directly fetch these stats using
iptables rule or i
 have to create separate chains for each interface
,redirect the traffic
 to these interface specific chains and then calculate
the stats.

netstat -s gives me some info but it is the total info
on all
 interfaces but not on per interface basis...any
pointers ???

Regards,
Shyam.

Re: Connection Stats per interface using iptables

[Grant Taylor]

On 11/05/07 02:09, Shyam Prasad wrote:
> Is there a way to directly fetch these stats using iptables rule or i 
> have to create separate chains for each interface ,redirect the 
> traffic to these interface specific chains and then calculate the 
> stats.

Yes you can use IPTables to gather this information for you.  IPTables 
its self does not keep track of this information, but you could easily 
write rules to act act as counters that you would then later check the 
number of packets they have matched.  You just need to add some rules to 
IPTables to match the input and / or the output interface and / or any 
other protocol information.

Depending on how many rules you are going to write, you may want to look 
at optimizing the rules a bit by creating a user defined chain for each 
interface.  With user defined chains you will not have to have packets 
traverse rules that they will never match.



Grant. . . .