iptables-accounting
上传用户:shbosideng
上传日期:2013-05-04
资源大小:1555k
文件大小:2k
- #!/usr/bin/perl
- # iptables-accounting .9
- #
- # Author: Vern Gill <vgill@technologist.com>
- # Date: March 9, 2001
- #
- # Adapted from code used in ipchainacc
- #
- # ipchainacc 1.1.0
- #
- # Author: John Lange john@darkcore.net
- # Date : September 12, 2000
- #
- #
- # The command takes one argument:
- # Argument: what filter do you want to view
- # I.E. iptables-accounting filter
- # iptables-accounting nat
- #
- # Also, you can check bytes or packets. Check the $bytec below
- # and the text above it for details
- #
- # This command must return 4 lines of output:
- # Line 1 : current state of the 'incoming bytes counter'
- # Line 2 : current state of the 'outgoing bytes counter'
- # Line 3 : string, telling the uptime of the target.
- # Line 4 : string, telling the name of the target.
- #
- # To add more counters, just edit the commented out if lines
- # below. For instance, to count the filter table and the
- # INPUT chain, just change the elsif to filter, and the
- # $inrule to INPUT
- # Share and enjoy
- # edit for your system
- $iptables='/usr/local/sbin/iptables'; # path to iptables
- $host=`/bin/hostname --fqdn`; # local hostname (for information
- only)
- $table = $ARGV[0];
- if ( $table =~ /^filter/i ) {
- $inrule='FORWARD';
- $outrule='OUTPUT';
- } elsif ( $table =~ /^nat/i ) {
- $inrule='PREROUTING';
- $outrule='POSTROUTING';
- } elsif ( $table =~ /^mangle/i ) {
- $inrule='PREROUTING';
- $outrule='OUTPUT';
- #} elsif ( $table =~ /^table-name-here/i ) {
- # $inrule='CHAIN-NAME-HERE';
- # $outrule='OTHER-CHAIN-NAME';
- #} elsif ( $table =~ /^table-name-here/i ) {
- # $inrule='CHAIN-NAME-HERE';
- # $outrule='OTHER-CHAIN-NAME';
- }
- # What should we graph? packet counters = 4, bytes = 6
- # If you used the ipchainacc script before and you want to keep
- counting
- # packets, then set this to 4. If you would rather do the
- # sensible thing and count bytes, then set this to 6. If you change
- # from one to the other, then you should delete all the previous
- # history since it will be meaningless.
- $bytec=6;
- ## -- don't edit below here ----
- # fetch the status from iptables
- $_=`$iptables -t $table -L $inrule -v -n -x | grep Chain`;
- @in_bytes = split;
- $_=`$iptables -t $table -L $outrule -v -n -x | grep Chain`;
- @out_bytes = split;
- # uptime of the machine
- open(UPTIME,"uptime |cut -b 13-27|");
- $upTime=<UPTIME>;
- close(UPTIME);
- chop $upTime;
- # 4 lines of output only.
- printf "$in_bytes[$bytec]n$out_bytes[$bytec]n$upTimen$host";