Collect Statistics with Firewall Rules
Make your firewall ruleset do the work for you when you want to collect statistics.
If you want to start collecting statistics on your network traffic but dread setting up SNMP, you don’t have to worry. You can use the firewalling code in your operating system to collect statistics for you.
For instance, if you were using Linux, you could use iptables commands similar to the following to keep track of bandwidth consumed by a particular machine that passes traffic through your firewall:

# iptables -N KRYTEN && iptables -A KRYTEN -j ACCEPT
# iptables -N KRYTEN_IN && iptables -A KRYTEN_IN -j KRYTEN
# iptables -N KRYTEN_OUT && iptables -A KRYTEN_OUT -j KRYTEN
# iptables -A FORWARD -s 192.168.0.60 -j KRYTEN_OUT
# iptables -A FORWARD -d 192.168.0.60 -j KRYTEN_IN
This leverages the packet and byte counters that iptables keeps for every rule to provide inbound and outbound bandwidth statistics for traffic forwarded through the firewall. It works by first defining a chain named KRYTEN, after the host whose statistics are being collected. This chain contains a single unconditional ACCEPT rule and is used to add up the total bandwidth that kryten consumes in both directions. To itemize the downstream bandwidth kryten is using, a second chain called KRYTEN_IN is created. It contains only one rule, an unconditional jump to the KRYTEN chain, so that inbound bytes are counted once on the KRYTEN_IN rule and then added to the shared total in KRYTEN. Similarly, ...

Two things to keep in mind when you deploy this. First, the ACCEPT in KRYTEN is a terminating target: once a packet to or from 192.168.0.60 matches one of these FORWARD rules, no later rule in FORWARD ever sees it, so append the accounting rules after your filtering rules, or use -j RETURN in place of -j ACCEPT if the chains should only count. Second, the counters live only in kernel memory; they go back to zero whenever the ruleset is flushed or the machine reboots, so sample them periodically (iptables -L KRYTEN -vnx lists them, and adding -Z zeros them at the same time) if you want a history rather than a running total.
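The following script is an added example, not code from the book, showing how to read the counters those chains accumulate. It parses the output of iptables -L <chain> -vnx (-v shows the counters, -n skips DNS lookups, -x prints exact byte counts instead of K/M/G-rounded ones) and checks that the per-direction counters add up to the shared total. The three chain listings embedded below are constructed sample output in that format so the script runs offline; on a live firewall you would run it as root and substitute "$(iptables -L KRYTEN_IN -vnx)" and friends for the sample variables.

```sh
#!/bin/sh
# Added example (not from Network Security Hacks): read the byte counters from
# the KRYTEN / KRYTEN_IN / KRYTEN_OUT accounting chains and sanity-check them.
# The listings below are constructed sample output of `iptables -L <chain> -vnx`.

SAMPLE_KRYTEN='Chain KRYTEN (2 references)
    pkts      bytes target     prot opt in     out     source               destination
  150000 170000000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

SAMPLE_KRYTEN_IN='Chain KRYTEN_IN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
  100000 150000000 KRYTEN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

SAMPLE_KRYTEN_OUT='Chain KRYTEN_OUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   50000  20000000 KRYTEN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Print the packet (field 1) or byte (field 2) counter of the first rule in a
# chain listing. Line 1 is the chain header, line 2 the column header, line 3
# the first (and, for these chains, only) rule.
counter_field() {
    printf '%s\n' "$1" | awk -v f="$2" 'NR == 3 { print $f }'
}
chain_pkts()  { counter_field "$1" 1; }
chain_bytes() { counter_field "$1" 2; }

# Every packet counted by KRYTEN_IN or KRYTEN_OUT also hits KRYTEN's ACCEPT
# rule, so in + out must equal the total. A mismatch means an earlier FORWARD
# rule is consuming some of kryten's traffic, or the counters were zeroed
# between readings. Arguments: in-listing, out-listing, total-listing.
# Returns 0 when the counters agree, 1 otherwise.
check_consistent() {
    in_b=$(chain_bytes "$1")
    out_b=$(chain_bytes "$2")
    tot_b=$(chain_bytes "$3")
    [ $((in_b + out_b)) -eq "$tot_b" ]
}

# Human-readable summary in MB per direction plus the shared total.
# On a live firewall replace the SAMPLE_* variables with
# "$(iptables -L KRYTEN_IN -vnx)" etc. (root required).
report() {
    in_b=$(chain_bytes "$SAMPLE_KRYTEN_IN")
    out_b=$(chain_bytes "$SAMPLE_KRYTEN_OUT")
    tot_b=$(chain_bytes "$SAMPLE_KRYTEN")
    printf 'kryten  in: %d MB  out: %d MB  total: %d MB\n' \
        $((in_b / 1048576)) $((out_b / 1048576)) $((tot_b / 1048576))
    if check_consistent "$SAMPLE_KRYTEN_IN" "$SAMPLE_KRYTEN_OUT" "$SAMPLE_KRYTEN"; then
        echo "counters consistent"
    else
        echo "WARNING: in + out != total; check rule order in FORWARD" >&2
    fi
}

report
```

For interval statistics, run the listing with -Z appended (iptables -L KRYTEN -vnxZ) so each sample also zeros the counters; the values you read are then the bytes moved since the previous sample rather than since the rules were loaded.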