NAME
accounting - Shorewall Accounting file
SYNOPSIS
/etc/shorewall/accounting
DESCRIPTION
Accounting rules exist simply to count packets and bytes in categories
that you define in this file. You may display these rules and their
packet and byte counters using the shorewall show accounting command.
The columns in the file are as follows.
ACTION - {COUNT|DONE|chain[:COUNT]}
What to do when a matching packet is found.
COUNT
Simply count the match and continue with the next rule.
DONE
Count the match and don't attempt to match any other accounting
rules in the chain specified in the CHAIN column.
chain[:COUNT]
Where chain is the name of a chain; Shorewall will create the
chain automatically if it doesn't already exist. Causes a jump
to that chain to be added to the chain specified in the CHAIN
column. If :COUNT is included, a counting rule matching this
entry will be added to chain.
COMMENT
The remainder of the line is treated as a comment which is
attached to subsequent rules until another COMMENT line is
found or until the end of the file is reached. To stop adding
comments to rules, use a line with only the word COMMENT.
CHAIN - {-|chain}
The name of a chain. If specified as - the accounting chain is
assumed. This is the chain where the accounting rule is added. The
chain will be created if it doesn't already exist.
SOURCE - {-|any|all|interface|interface:address|address}
Packet Source.
The name of an interface, an address (host or net) or an interface
name followed by ":" and a host or net address.
DESTINATION - {-|any|all|interface|interface:address|address}
Packet Destination.
Format same as SOURCE column.
PROTOCOL - {-|any|all|protocol-name|protocol-number|ipp2p[:{udp|all}]}
A protocol-name (from protocols(5)), a protocol-number, ipp2p,
ipp2p:udp or ipp2p:all.
DEST PORT(S) -
{-|any|all|ipp2p-option|port-name-or-number[,port-name-or-number]...}
Destination Port number. Service name from services(5) or port
number. May only be specified if the protocol is TCP (6), UDP (17),
DCCP (33), SCTP (132) or UDPLITE (136).
You may place a comma-separated list of port names or numbers in
this column if your kernel and iptables include multiport match
support.
If the PROTOCOL is ipp2p then this column must contain an
ipp2p-option ("iptables -m ipp2p --help") without the leading "--".
If no option is given in this column, ipp2p is assumed.
SOURCE PORT(S) -
{-|any|all|port-name-or-number[,port-name-or-number]...}
Service name from services(5) or port number. May only be specified
if the protocol is TCP (6), UDP (17), DCCP (33), SCTP (132) or
UDPLITE (136).
You may place a comma-separated list of port numbers in this column
if your kernel and iptables include multiport match support.
USER/GROUP -
[!][user-name-or-number][:group-name-or-number][+program-name]
This column may only be non-empty if the CHAIN is OUTPUT.
When this column is non-empty, the rule applies only if the program
generating the output is running under the effective user and/or
group specified (or is NOT running under that id if "!" is given).
Examples:
joe
program must be run by joe
:kids
program must be run by a member of the 'kids' group
!:kids
program must not be run by a member of the 'kids' group
+upnpd
program named upnpd
Important
The ability to specify a program name was removed from
Netfilter in kernel version 2.6.14.
MARK - [!]value[/mask][:C]
Defines a test on the existing packet or connection mark. The rule
will match only if the test returns true.
If you don't want to define a test but need to specify anything in
the following columns, place a "-" in this field.
!
Inverts the test (not equal)
value
Value of the packet or connection mark.
mask
A mask to be applied to the mark before testing.
:C
Designates a connection mark. If omitted, the packet mark's
value is tested.
In all of the above columns except ACTION and CHAIN, the values -, any
and all may be used as wildcards. Omitted trailing columns are also
treated as wildcards.
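The column constraints above can be checked mechanically before a file is deployed. The following lint pass is an added example, not part of Shorewall or its documentation; it flags port columns used with a protocol that does not allow them and USER/GROUP entries outside the OUTPUT chain. The function names, the sample file and its interface and user names are constructed for illustration.

```python
# Added example: lint accounting-file lines against the column rules in this page.
COLUMNS = "action chain source dest proto dport sport user mark".split()
WILDCARDS = {"-", "any", "all"}
# Protocols (name or number) for which the page allows the port columns.
PORT_PROTOS = {"tcp", "6", "udp", "17", "dccp", "33",
               "sctp", "132", "udplite", "136"}

def parse_line(line):
    """Return a column dict, or None for blank, comment and COMMENT lines."""
    fields = line.split("#", 1)[0].split()
    if not fields or fields[0] == "COMMENT":
        return None
    # Omitted trailing columns are treated as wildcards.
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return dict(zip(COLUMNS, fields))

def lint(rule):
    """List the man-page constraints that a parsed rule violates."""
    problems = []
    proto = rule["proto"].lower()
    # DEST PORT(S) also carries the ipp2p-option when PROTOCOL is ipp2p.
    if rule["dport"] not in WILDCARDS and not (
            proto in PORT_PROTOS or proto.startswith("ipp2p")):
        problems.append("DEST PORT(S) needs tcp, udp, dccp, sctp, udplite or ipp2p")
    if rule["sport"] not in WILDCARDS and proto not in PORT_PROTOS:
        problems.append("SOURCE PORT(S) needs tcp, udp, dccp, sctp or udplite")
    if rule["user"] not in WILDCARDS and rule["chain"] != "OUTPUT":
        problems.append("USER/GROUP requires CHAIN to be OUTPUT")
    return problems

def lint_text(text):
    """Map 1-based line numbers to their problems, for lines that have any."""
    report = {}
    for number, line in enumerate(text.splitlines(), 1):
        rule = parse_line(line)
        found = lint(rule) if rule else []
        if found:
            report[number] = found
    return report

# Constructed sample file; interface names and users are placeholders.
SAMPLE = """\
COMMENT web traffic
web:COUNT  -       eth0  eth1  tcp   80,443
DONE       web
COUNT      OUTPUT  -     -     udp   53   -  named
COUNT      -       eth0  -     icmp  8
COUNT      -       -     eth0  tcp   -    -  joe
"""
```

Calling `lint_text(SAMPLE)` reports line 5 (a destination port with icmp) and line 6 (a USER/GROUP entry in the default accounting chain).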
FILES
/etc/shorewall/accounting
SEE ALSO
http://shorewall.net/Accounting.html[1]
shorewall(8), shorewall-actions(5), shorewall-blacklist(5),
shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-proxyarp(5),
shorewall-route_rules(5), shorewall-routestopped(5),
shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5),
shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)
NOTES
1. http://shorewall.net/Accounting.html
06/17/2010 SHOREWALL-ACCOUNTIN(5)