I came across this tutorial here that describes how to monitor bandwidth using iptables. I wanted to adapt it for a non-router machine, so I want to know how much data is going in/coming out and not passing through.
Here are the rules I added:
iptables -N ETH0_IN
iptables -N ETH0_OUT
iptables -I INPUT -i eth0 -j ETH0_IN
iptables -I OUTPUT -o eth0 -j ETH0_OUT
And here is a sample of the output:
user@host:/tmp$ sudo iptables -x -vL -n
Chain INPUT (policy ACCEPT 1549 packets, 225723 bytes)
pkts bytes target prot opt in out source destination
199 54168 ETH0_IN all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1417 packets, 178128 bytes)
pkts bytes target prot opt in out source destination
201 19597 ETH0_OUT all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain ETH0_IN (1 references)
pkts bytes target prot opt in out source destination
Chain ETH0_OUT (1 references)
pkts bytes target prot opt in out source destination
As seen above, there are no packet and byte values for ETH0_IN and ETH0_OUT, which is not the same result in the tutorial I referenced.
Is there a mistake that I made somewhere? Thanks for your time.
Best Answer
Create a term that matches all traffic and does nothing (but count):
In your tutorial your custom chains contain similar entries - for whatever type of accounting you like. (per IP, per protocol...)
If you just want to account input/output traffic and do not do forwarding (what I read from "non-router machine"), get interface counters:
If you are doing just a total you can even save the custom chains and do
to get your counters....