Linux – What does nf_conntrack.acct really do

iptables, kernel, linux, nf-conntrack

I've found the kernel parameter nf_conntrack.acct interesting, in that the kernel documentation merely says "Enable connection tracking flow accounting".
I've appended this to grub and rebooted and I haven't found any difference. For example, what does it have to do with the /proc/net/nf_conntrack file?

Thanks in advance!

Best Answer

From iptables-extensions(8):

The "net.netfilter.nf_conntrack_acct" sysctl flag controls whether new connections will be byte/packet counted. Existing connection flows will not be gaining/losing a/the accounting structure when be sysctl flag is flipped.

This accounting information can then be used to create rules for the connbytes netfilter module. Note that setting this option does not require a reboot, this can be enabled at runtime (for new connections only):

sudo sysctl -w net.netfilter.nf_conntrack_acct=1

When enabled, /proc/net/nf_conntrack will carry information about packet count and size:

 $ grep dport=1234 /proc/net/nf_conntrack
 ipv4     [...] sport=58730 dport=1234 packets=324 bytes=480352 [...]
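The counters appear once per direction (original and reply) on each conntrack line, so a small parser is handy when you want per-flow totals, for example to spot unusually large transfers. The following is an added example, not code from the answer above; the sample lines are constructed in the /proc/net/nf_conntrack format, with made-up addresses and counters, and the second line shows a flow created while nf_conntrack_acct was 0 (no counters at all).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of /proc/net/nf_conntrack output (not captured from a real host).
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=58730 dport=1234 packets=324 bytes=480352 src=192.0.2.10 dst=10.0.0.5 sport=1234 dport=58730 packets=210 bytes=17400 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=10.0.0.5 dst=10.0.0.1 sport=40000 dport=53 src=10.0.0.1 dst=10.0.0.5 sport=53 dport=40000 mark=0 zone=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=10.0.0.7 dst=198.51.100.4 sport=50022 dport=443 packets=9000 bytes=13500000 src=198.51.100.4 dst=10.0.0.7 sport=443 dport=50022 packets=4000 bytes=260000 [ASSURED] mark=0 zone=0 use=2
"""

@dataclass
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    packets: Optional[int]  # None when accounting was off when the flow was created
    bytes: Optional[int]

# Each direction repeats src/dst/sport/dport and, with accounting on, packets/bytes.
_DIRECTION = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)(?: packets=(\d+) bytes=(\d+))?")

def parse_conntrack(text: str) -> List[Flow]:
    """Parse conntrack lines into flows, summing both directions' counters."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        dirs = _DIRECTION.findall(line)
        if len(dirs) != 2:
            continue  # no port-based tuple pair (e.g. icmp) or truncated line
        orig, reply = dirs
        if orig[4] and reply[4]:
            packets: Optional[int] = int(orig[4]) + int(reply[4])
            nbytes: Optional[int] = int(orig[5]) + int(reply[5])
        else:
            packets = nbytes = None
        flows.append(Flow(fields[2], orig[0], int(orig[2]), orig[1], int(orig[3]), packets, nbytes))
    return flows

def flows_over(text: str, byte_threshold: int) -> List[Flow]:
    """Flows whose combined byte count exceeds the threshold; unaccounted flows are skipped."""
    return [f for f in parse_conntrack(text) if f.bytes is not None and f.bytes > byte_threshold]

if __name__ == "__main__":
    for f in flows_over(SAMPLE, 1_000_000):
        print(f"{f.proto} {f.src}:{f.sport} -> {f.dst}:{f.dport} bytes={f.bytes} packets={f.packets}")
```

On a live host, feed `open("/proc/net/nf_conntrack").read()` to `flows_over` instead of `SAMPLE`.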