
NAME

       accounting - Shorewall Accounting file

SYNOPSIS

       /etc/shorewall/accounting

DESCRIPTION

       Accounting rules exist simply to count packets and bytes in categories
       that you define in this file. You may display these rules and their
       packet and byte counters using the shorewall show accounting command.

       The columns in the file are as follows.

       ACTION - {COUNT|DONE|chain[:COUNT]}
           What to do when a matching packet is found.

           COUNT
               Simply count the match and continue with the next rule

           DONE
               Count the match and don't attempt to match any other accounting
               rules in the chain specified in the CHAIN column.

           chain[:COUNT]
               Where chain is the name of a chain; Shorewall will create the
               chain automatically if it doesn't already exist. Causes a jump
               to that chain to be added to the chain specified in the CHAIN
               column. If :COUNT is included, a counting rule matching this
               entry will be added to chain.

           COMMENT
               The remainder of the line is treated as a comment which is
               attached to subsequent rules until another COMMENT line is
               found or until the end of the file is reached. To stop adding
               comments to rules, use a line with only the word COMMENT.

       CHAIN - {-|chain}
           The name of a chain. If specified as - the accounting chain is
           assumed. This is the chain where the accounting rule is added. The
           chain will be created if it doesn't already exist.

       SOURCE - {-|any|all|interface|interface:address|address}
           Packet Source.

           The name of an interface, an address (host or net) or an interface
           name followed by ":" and a host or net address.

       DESTINATION - {-|any|all|interface|interface:address|address}
           Packet Destination.

           Format same as SOURCE column.

       PROTOCOL - {-|any|all|protocol-name|protocol-number|ipp2p[:{udp|all}]}
           A protocol-name (from protocols(5)), a protocol-number, ipp2p,
           ipp2p:udp or ipp2p:all.

       DEST PORT(S) -
       {-|any|all|ipp2p-option|port-name-or-number[,port-name-or-number]...}
           Destination Port number. Service name from services(5) or port
           number. May only be specified if the protocol is TCP (6), UDP (17),
           DCCP (33), SCTP (132) or UDPLITE (136).

           You may place a comma-separated list of port names or numbers in
           this column if your kernel and iptables include multiport match
           support.

           If the PROTOCOL is ipp2p then this column must contain an
           ipp2p-option ("iptables -m ipp2p --help") without the leading "--".
           If no option is given in this column, ipp2p is assumed.

       SOURCE PORT(S) -
       {-|any|all|port-name-or-number[,port-name-or-number]...}
           Service name from services(5) or port number. May only be specified
           if the protocol is TCP (6), UDP (17), DCCP (33), SCTP (132) or
           UDPLITE (136).

           You may place a comma-separated list of port numbers in this column
           if your kernel and iptables include multiport match support.

       USER/GROUP -
       [!][user-name-or-number][:group-name-or-number][+program-name]
           This column may only be non-empty if the CHAIN is OUTPUT.

           When this column is non-empty, the rule applies only if the program
           generating the output is running under the effective user and/or
           group specified (or is NOT running under that id if "!" is given).

           Examples:

           joe
               program must be run by joe

           :kids
               program must be run by a member of the 'kids' group

           !:kids
               program must not be run by a member of the 'kids' group

           +upnpd
               program named upnpd

                   Important
                   The ability to specify a program name was removed from
                   Netfilter in kernel version 2.6.14.

       MARK - [!]value[/mask][:C]
           Defines a test on the existing packet or connection mark. The rule
           will match only if the test returns true.

           If you don't want to define a test but need to specify anything in
           the following columns, place a "-" in this field.

           !
               Inverts the test (not equal)

           value
               Value of the packet or connection mark.

           mask
               A mask to be applied to the mark before testing.

           :C
               Designates a connection mark. If omitted, the packet mark's
               value is tested.

       In all of the above columns except ACTION and CHAIN, the values -, any
       and all may be used as wildcards. Omitted trailing columns are also
       treated as wildcards.

FILES

       /etc/shorewall/accounting

SEE ALSO

       http://shorewall.net/Accounting.html[1]

       shorewall(8), shorewall-actions(5), shorewall-blacklist(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5),
       shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

NOTES

        1. http://shorewall.net/Accounting.html

[FIXME: source]                   06/17/2010            SHOREWALL-ACCOUNTING(5)