> 31997506400-31997506128=272
> You are under the quota!
Thank you for your reply. By discrepancy I mean iptables -L -v showing
32GB and iptables-save showing the correct point where it stopped, at
the quota. That's a 2.2GB difference.
>
> On 2012-03-09 01:19, James Anderson wrote:
>>
>> Hello everyone.
>>
>> I have been trying to get iptables to stop traffic to the internet
>> after I have exceeded 29.8 GB and just allow traffic to the local
>> subnet after that. I did the conversion on Google and apparently
>> 29.8GB is 31997506400 bytes. However tonight when I got home and did
>> iptables -L -v, I saw this:
>>
>> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target prot opt in  out source   destination
>>   28M   32G ACCEPT all  --  any any anywhere !192.168.2.0/24 quota: 31997506400 bytes
>> 2459K 3621M ACCEPT all  --  any any anywhere 192.168.2.0/24
>>  5770 1151K REJECT all  --  any any anywhere anywhere        reject-with icmp-port-unreachable
>>
>> At first I thought the quota didn't work, but then I did iptables-save -c
>>
>> *filter
>> :INPUT ACCEPT [23078834:14787771556]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [0:0]
>> [28216466:31997506128] -A OUTPUT ! -d 192.168.2.0/24 -m quota --quota 31997506400 -j ACCEPT
>> [2475569:3622559686] -A OUTPUT -d 192.168.2.0/24 -j ACCEPT
>> [24154:2350411] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
>> COMMIT
>>
>> which shows that it stopped at 29.7999998 GB.
>> Could someone perhaps explain the discrepancy?
>> Does iptables keep counting bytes even after the quota is full?
>>
>> many thanks in advance,
>>
>> James
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
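
An added example (not part of the original thread): it reads the quota rule from the `iptables-save -c` output quoted above, computes the bytes left under the quota, and abbreviates the byte counter with the 1000-based rounding that `iptables -L -v` uses when `-x` is not given, next to the same count in 2**30-byte units. The function names and the joined sample line are this example's own.

```python
import re

# Constructed sample: the quota rule from the iptables-save -c output quoted
# above, joined onto one line.
SAMPLE = ("[28216466:31997506128] -A OUTPUT ! -d 192.168.2.0/24 "
          "-m quota --quota 31997506400 -j ACCEPT")

# [packets:bytes] -A CHAIN ... --quota N ...
RULE_RE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+\S+.*?--quota\s+(\d+)")


def parse_quota_rule(line):
    """Return counters, quota and bytes left for one iptables-save -c rule line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None  # not a counted rule carrying a quota match
    pkts, nbytes, quota = (int(g) for g in m.groups())
    return {"packets": pkts, "bytes": nbytes, "quota": quota,
            "remaining": max(quota - nbytes, 0)}


def listing_format(number):
    """Abbreviate a counter as the non-exact listing does: powers of 1000, rounded."""
    if number <= 99999:
        return str(number)
    for suffix in ("K", "M", "G", "T"):
        number = (number + 500) // 1000
        if number <= 9999 or suffix == "T":
            return f"{number}{suffix}"


def gib(number):
    """The same byte count expressed in units of 2**30 bytes."""
    return number / 2**30


if __name__ == "__main__":
    rule = parse_quota_rule(SAMPLE)
    print("listing shows  :", listing_format(rule["bytes"]))   # decimal units
    print("2**30 units    :", round(gib(rule["bytes"]), 7))    # binary units
    print("quota (2**30)  :", round(gib(rule["quota"]), 7))
    print("bytes left     :", rule["remaining"])
```

`iptables -L -v -x` prints the exact byte counters, which can be compared directly with the `--quota` value.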