问题
I want to know I can can find out which rule was accessed, and how many times, from the access list I have created using iptables.
My firewall has over 1000 input and output rules in iptbales; I want to find how many each of them were accessed.
For example, suppose I have the following rules
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
I want to find out how many times each of rules 1, 2, 3, 4, 5 and 6 were hit.
回答1:
iptables will list packet and byte counters if you specify option -v for verbose, e.g. iptables -vL. Likewise iptables-save will list all entries including the mentioned counters for each chain, but not for each table entry (on some systems iptables-save requires option -c to include counters).
回答2:
I use the following to check on my iptables rules:
iptables -nvL [INPUT|FORWARD|OUTPUT|myCHAINNAME] --line-numbers | less
The -n speeds up the process by not doing hostname lookups
The line numbers help with deleting rules:
iptables -D [INPUT|FORWARD|OUTPUT|myCHAINNAME] [Rule#]
HTH
回答3:
You can also use collectds iptables module to aggregate the counters:
https://collectd.org/wiki/index.php/Iptables
来源:https://stackoverflow.com/questions/17548383/how-can-i-check-the-hit-count-for-each-rule-in-iptables