shorewall-accounting.5

sharewall is very good

.\"     Title: shorewall-accounting
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
.\"      Date: 03/19/2009
.\"    Manual: [FIXME: manual]
.\"    Source: [FIXME: source]
.\"  Language: English
.\"
.TH "SHOREWALL\-ACCOUNTIN" "5" "03/19/2009" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * (re)Define some macros
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" toupper - uppercase a string (locale-aware)
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de toupper
.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
\\$*
.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" SH-xref - format a cross-reference to an SH section
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de SH-xref
.ie n \{\
.\}
.toupper \\$*
.el \{\
\\$*
.\}
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" SH - level-one heading that works better for non-TTY output
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de1 SH
.\" put an extra blank line of space above the head in non-TTY output
.if t \{\
.sp 1
.\}
.sp \\n[PD]u
.nr an-level 1
.set-an-margin
.nr an-prevailing-indent \\n[IN]
.fi
.in \\n[an-margin]u
.ti 0
.HTML-TAG ".NH \\n[an-level]"
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
\." make the size of the head bigger
.ps +3
.ft B
.ne (2v + 1u)
.ie n \{\
.\" if n (TTY output), use uppercase
.toupper \\$*
.\}
.el \{\
.nr an-break-flag 0
.\" if not n (not TTY), use normal case (not uppercase)
\\$1
.in \\n[an-margin]u
.ti 0
.\" if not n (not TTY), put a border/line under subheading
.sp -.6
\l'\n(.lu'
.\}
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" SS - level-two heading that works better for non-TTY output
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de1 SS
.sp \\n[PD]u
.nr an-level 1
.set-an-margin
.nr an-prevailing-indent \\n[IN]
.fi
.in \\n[IN]u
.ti \\n[SN]u
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.ps \\n[PS-SS]u
\." make the size of the head bigger
.ps +2
.ft B
.ne (2v + 1u)
.if \\n[.$] \&\\$*
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" BB/BE - put background/screen (filled box) around block of text
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de BB
.if t \{\
.sp -.5
.br
.in +2n
.ll -2n
.gcolor red
.di BX
.\}
..
.de EB
.if t \{\
.if "\\$2"adjust-for-leading-newline" \{\
.sp -1
.\}
.br
.di
.in
.ll
.gcolor
.nr BW \\n(.lu-\\n(.i
.nr BH \\n(dn+.5v
.ne \\n(BHu+.5v
.ie "\\$2"adjust-for-leading-newline" \{\
\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
.\}
.el \{\
\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
.\}
.in 0
.sp -.5v
.nf
.BX
.in
.sp .5v
.fi
.\}
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" BM/EM - put colored marker in margin next to block of text
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de BM
.if t \{\
.br
.ll -2n
.gcolor red
.di BX
.\}
..
.de EM
.if t \{\
.br
.di
.ll
.gcolor
.nr BH \\n(dn
.ne \\n(BHu
\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
.in 0
.nf
.BX
.in
.fi
.\}
..
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "Name"
accounting \- Shorewall Accounting file
.SH "Synopsis"
.fam C
.HP \w'\fB/etc/shorewall/accounting\fR\ 'u
\fB/etc/shorewall/accounting\fR
.fam
.SH "Description"
.PP
Accounting rules exist simply to count packets and bytes in categories that you define in this file\&. You may display these rules and their packet and byte counters using the
\fBshorewall show accounting\fR
command\&.
.PP
The columns in the file are as follows\&.
.PP
\fBACTION\fR \- {\fBCOUNT\fR|\fBDONE\fR|\fIchain\fR[:\fBCOUNT\fR]}
.RS 4
What to do when a matching packet is found\&.
.PP
\fBCOUNT\fR
.RS 4
Simply count the match and continue with the next rule
.RE
.PP
\fBDONE\fR
.RS 4
Count the match and don\'t attempt to match any other accounting rules in the chain specified in the
\fBCHAIN\fR
column\&.
.RE
.PP
\fIchain\fR[\fB:\fR\fBCOUNT\fR]
.RS 4
Where
\fIchain\fR
is the name of a chain; Shorewall will create the chain automatically if it doesn\'t already exist\&. Causes a jump to that chain to be added to the chain specified in the CHAIN column\&. If
\fB:COUNT\fR
is included, a counting rule matching this entry will be added to
\fIchain\fR
.RE
.RE
.PP
\fBCHAIN\fR \- {\fB\-\fR|\fIchain\fR}
.RS 4
The name of a
\fIchain\fR\&. If specified as
\fB\-\fR
the
\fBaccounting\fR
chain is assumed\&. This is the chain where the accounting rule is added\&. The
\fIchain\fR
will be created if it doesn\'t already exist\&.
.RE
.PP
\fBSOURCE\fR \- {\fB\-\fR|\fBany\fR|\fBall\fR|\fIinterface\fR|\fIinterface\fR\fB:\fR\fIaddress\fR|\fIaddress\fR}
.RS 4
Packet Source\&.
.sp
The name of an
\fIinterface\fR, an
\fIaddress\fR
(host or net) or an
\fIinterface\fR
name followed by ":" and a host or net
\fIaddress\fR\&.
.RE
.PP
\fBDESTINATION\fR \- {\fB\-\fR|\fBany\fR|\fBall\fR|\fIinterface\fR|\fIinterface\fR\fB:\fR\fIaddress\fR|\fIaddress\fR}
.RS 4
Packet Destination\&.
.sp
Format same as
\fBSOURCE\fR
column\&.
.RE
.PP
\fBPROTOCOL\fR \- {\fB\-\fR|\fBany\fR|\fBall\fR|\fIprotocol\-name\fR|\fIprotocol\-number\fR|\fBipp2p\fR[\fB:\fR{\fBudp\fR|\fBall\fR}]}
.RS 4
A
\fIprotocol\-name\fR
(from protocols(5)), a
\fIprotocol\-number\fR,
\fBipp2p\fR,
\fBipp2p:udp\fR
or
\fBipp2p:all\fR
.RE
.PP
\fBDEST PORT(S)\fR \- {\fB\-\fR|\fBany\fR|\fBall\fR|\fIipp2p\-option\fR|\fIport\-name\-or\-number\fR[,\fIport\-name\-or\-number\fR]\&.\&.\&.}
.RS 4
Destination Port number\&. Service name from services(5) or
\fIport number\fR\&. May only be specified if the protocol is
\fBtcp\fR
or
\fBudp\fR
(6 or 17)\&.
.sp
You may place a comma\-separated list of port names or numbers in this column if your kernel and iptables include multiport match support\&.
.sp
If the PROTOCOL is
\fBipp2p\fR
then this column must contain an
\fIipp2p\-option\fR
("iptables \-m ipp2p \-\-help") without the leading "\-\-"\&. If no option is given in this column,
\fBipp2p\fR
is assumed\&.
.RE
.PP
\fBSOURCE PORT(S)\fR \- {\fB\-\fR|\fBany\fR|\fBall\fR|\fIport\-name\-or\-number\fR[,\fIport\-name\-or\-number\fR]\&.\&.\&.}
.RS 4
Service name from services(5) or
\fIport number\fR\&. May only be specified if the protocol is TCP or UDP (6 or 17)\&.
.sp
You may place a comma\-separated list of port numbers in this column if your kernel and iptables include multiport match support\&.
.RE
.PP
\fBUSER/GROUP\fR \- [\fB!\fR][\fIuser\-name\-or\-number\fR][\fB:\fR\fIgroup\-name\-or\-number\fR][\fB+\fR\fIprogram\-name\fR]
.RS 4
This column may only be non\-empty if the
\fBCHAIN\fR
is
\fBOUTPUT\fR\&.
.sp
When this column is non\-empty, the rule applies only if the program generating the output is running under the effective
\fIuser\fR
and/or
\fIgroup\fR
specified (or is NOT running under that id if "!" is given)\&.
.sp
Examples:
.PP
joe
.RS 4
program must be run by joe
.RE
.PP
:kids
.RS 4
program must be run by a member of the \'kids\' group
.RE
.PP
!:kids
.RS 4
program must not be run by a member of the \'kids\' group
.RE
.PP
+upnpd
.RS 4
#program named upnpd
.if n \{\
.sp
.\}
.RS 4
.BM yellow
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBImportant\fR
.ps -1
.br
The ability to specify a program name was removed from Netfilter in kernel version 2\&.6\&.14\&.
.sp .5v
.EM yellow
.RE
.RE
.RE
.PP
\fBMARK\fR \- [\fB!\fR]\fIvalue\fR[/\fImask\fR][\fB:C\fR]
.RS 4
Defines a test on the existing packet or connection mark\&. The rule will match only if the test returns true\&.
.sp
If you don\'t want to define a test but need to specify anything in the following columns, place a "\-" in this field\&.
.PP
!
.RS 4
Inverts the test (not equal)
.RE
.PP
\fIvalue\fR
.RS 4
Value of the packet or connection mark\&.
.RE
.PP
\fImask\fR
.RS 4
A mask to be applied to the mark before testing\&.
.RE
.PP
\fB:C\fR
.RS 4
Designates a connection mark\&. If omitted, the packet mark\'s value is tested\&. This option is only supported by Shorewall\-perl\&.
.RE
.RE
.PP
In all of the above columns except
\fBACTION\fR
and
\fBCHAIN\fR, the values
\fB\-\fR,
\fBany\fR
and
\fBall\fR
may be used as wildcards\&. Omitted trailing columns are also treated as wildcards\&.
.SH "FILES"
.PP
/etc/shorewall/accounting
.SH "See ALSO"
.PP
\m[blue]\fBhttp://shorewall\&.net/Accounting\&.html \fR\m[]\&\s-2\u[1]\d\s+2
.PP
shorewall(8), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall\-interfaces(5), shorewall\-ipsec(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-route_rules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-tcrules(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5)
.SH "Notes"
.IP " 1." 4
http://shorewall.net/Accounting.html
.RS 4
\%http://shorewall.net/Accounting.html
.RE