#!/usr/bin/perl # iptables-accounting .9 # # Author: Vern Gill # Date: March 9, 2001 # # Adapted from code used in ipchainacc # # ipchainacc 1.1.0 # # Author: John Lange john@darkcore.net # Date : September 12, 2000 # # # The command takes one argument: # Argument: what filter do you want to view # I.E. iptables-accounting filter # iptables-accounting nat # # Also, you can check bytes or packets. Check the $bytec below # and the text above it for details # # This command must return 4 lines of output: # Line 1 : current state of the 'incoming bytes counter' # Line 2 : current state of the 'outgoing bytes counter' # Line 3 : string, telling the uptime of the target. # Line 4 : string, telling the name of the target. # # To add more counters, just edit the commented out if lines # below. For instance, to count the filter table and the # INPUT chain, just change the elsif to filter, and the # $inrule to INPUT # Share and enjoy # edit for your system $iptables='/sbin/iptables'; # path to iptables $host=`/bin/hostname --fqdn`; # local hostname (for information only) $table = $ARGV[0]; if ( $table =~ /^filter/i ) { $inrule='FORWARD'; $outrule='OUTPUT'; } elsif ( $table =~ /^nat/i ) { $inrule='PREROUTING'; $outrule='POSTROUTING'; } elsif ( $table =~ /^mangle/i ) { $inrule='PREROUTING'; $outrule='OUTPUT'; #} elsif ( $table =~ /^table-name-here/i ) { # $inrule='CHAIN-NAME-HERE'; # $outrule='OTHER-CHAIN-NAME'; #} elsif ( $table =~ /^table-name-here/i ) { # $inrule='CHAIN-NAME-HERE'; # $outrule='OTHER-CHAIN-NAME'; } # What should we graph? packet counters = 4, bytes = 6 # If you used the ipchainacc script before and you want to keep counting # packets, then set this to 4. If you would rather do the # sensible thing and count bytes, then set this to 6. If you change # from one to the other, then you should delete all the previous # history since it will be meaningless. $bytec=6; ## -- don't edit below here ---- # fetch the status from iptables $_=`$iptables -t $table -L $inrule -v -n -x | grep Chain`; @in_bytes = split; $_=`$iptables -t $table -L $outrule -v -n -x | grep Chain`; @out_bytes = split; # uptime of the machine open(UPTIME,"uptime |"); $upTime=; close(UPTIME); chop $upTime; # example showing users number -- off, of course #$upTime =~ s/^.*up ([0-9 a-z]+),( )+([0-9]+ user(s)?), .*$/\1 (\3)/; $upTime =~ s/^.*up ([0-9:, a-z]+),( )+([0-9]+ user(s)?), .*$/\1/; # 4 lines of output only. printf "$in_bytes[$bytec]\n$out_bytes[$bytec]\n$upTime\n$host";