[hobbit] Graphing number of references to iptables chain
Iain Conochie
iain at shihad.org
Wed Sep 5 14:18:21 CEST 2007
Andreas Kunberger wrote:
> On Wednesday, 5 September 2007 11:30, Iain Conochie wrote:
>
>> <snip>
>>
>> Here you go. This must be run as root so either Set UID root (bad!) or
>> use sudo
>>
>> # For each chain, print "<chain> packets : <count>" from the chain header line
>> for i in $CHAINS
>> do sudo $IPTABLES -L -n -v -x | grep "^Chain $i" | awk '{print $2 " " $6 " : " $5}' | sed s/packets,/packets/g >> "$BBTMP/packets.$$"
>> done
>>
>>
> Seems to me, it graphs only the packets the default policy of the chain is
> applied to, i.e. those that have not matched any rule in the chain
>
> Kind regards
> Andreas Kunberger
>
>
True. Personally I use a default "reject" rule hence this will graph
what the firewall rejects. Obviously this will not really take into
account what is allowed so maybe I was not too clear in my first statement.
Iain
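
Added example, not part of the original thread: a parser for `iptables -L -n -v -x` output that reports the chain-header policy counter discussed above alongside per-target sums of the rule counters, so packets rejected by an explicit catch-all rule are counted as well. The function names, the output labels and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -n -v -x` output (not from a real host).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 12 packets, 720 bytes)
    pkts   bytes target   prot opt in  out  source      destination
     100    8000 ACCEPT   all  --  lo  *    0.0.0.0/0   0.0.0.0/0
      40    2400 ACCEPT   tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   tcp dpt:22
       3     180 LOGDROP  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   tcp dpt:23
       7     420 REJECT   all  --  *   *    0.0.0.0/0   0.0.0.0/0   reject-with icmp-port-unreachable

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts   bytes target   prot opt in  out  source      destination

Chain OUTPUT (policy ACCEPT 300 packets, 25000 bytes)
    pkts   bytes target   prot opt in  out  source      destination

Chain LOGDROP (1 references)
    pkts   bytes target   prot opt in  out  source      destination
       3     180 DROP     all  --  *   *    0.0.0.0/0   0.0.0.0/0
EOF
}

# Reads a listing on stdin. Prints "<chain> policy <target> : <pkts>" for
# built-in chains and "<chain> rule <target> : <pkts>" summed per target.
# User-defined chains ("(N references)") have no policy line.
# Limitation: a rule without a -j target shifts the columns and is miscounted.
chain_counters() {
    awk '
        $1 == "Chain" {
            chain = $2
            if ($3 == "(policy") print chain " policy " $4 " : " $5
            next
        }
        # Rule rows begin with numeric pkts and bytes columns; this skips
        # the column header row and blank lines.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            key = chain " rule " $3
            if (!(key in sum)) order[++n] = key
            sum[key] += $1
        }
        END { for (i = 1; i <= n; i++) print order[i] " : " sum[order[i]] }
    '
}

# Live use (needs root): sudo iptables -L -n -v -x | chain_counters
sample_listing | chain_counters
```
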