Provided by: shorewall-common_4.0.6-1_all

NAME

       accounting - Shorewall Accounting file

SYNOPSIS

       /etc/shorewall/accounting

DESCRIPTION

       Accounting  rules exist simply to count packets and bytes in categories
       that you define in this file. You may display  these  rules  and  their
       packet and byte counters using the shorewall show accounting command.

       The columns in the file are as follows.

       ACTION — {COUNT|DONE|chain[:COUNT]}
              What to do when a matching packet is found.

              COUNT  Simply count the match and continue with the next rule.

              DONE   Count  the  match  and  don’t  attempt to match any other
                     accounting rules in the  chain  specified  in  the  CHAIN
                     column.

              chain[:COUNT]
                     Where chain is the name of a chain; Shorewall will create
                     the chain automatically  if  it  doesn’t  already  exist.
                     Causes  a  jump  to  that  chain to be added to the chain
                     specified in the CHAIN column. If :COUNT is  included,  a
                     counting rule matching this entry will be added to chain.

       CHAIN — {-|chain}
              The  name  of a chain. If specified as - the accounting chain is
              assumed. This is the chain where the accounting rule  is  added.
              The chain will be created if it doesn’t already exist.

       SOURCE — {-|any|all|interface|interface:address|address}
              Packet Source.

              The  name  of  an  interface,  an  address  (host  or net) or an
              interface name followed by ":" and a host or net address.

       DESTINATION — {-|any|all|interface|interface:address|address}
              Packet Destination.

              Format same as SOURCE column.

       PROTOCOL — {-|any|all|protocol-name|protocol-number|ipp2p[:{udp|all}]}
              A protocol-name (from protocols(5)), a  protocol-number,  ipp2p,
              ipp2p:udp or ipp2p:all.

       DEST PORT(S) — {-|any|all|ipp2p-option|port-name-or-number[,port-name-or-number]...}
              Destination  Port  number. Service name from services(5) or port
              number. May only be specified if the protocol is tcp or  udp  (6
              or 17).

              You may place a comma-separated list of port names or numbers in
              this column if your kernel and iptables include multiport  match
              support.

              If the PROTOCOL is ipp2p then this column must contain an
              ipp2p-option ("iptables -m ipp2p --help") without the leading
              "--". If no option is given in this column, ipp2p is assumed.

       SOURCE PORT(S) — {-|any|all|port-name-or-number[,port-name-or-number]...}
              Service  name  from  services(5)  or  port  number.  May only be
              specified if the protocol is TCP or UDP (6 or 17).

              You may place a comma-separated list of  port  numbers  in  this
              column  if  your  kernel  and  iptables  include multiport match
              support.

       USER/GROUP — [!][user-name-or-number][:group-name-or-number][+program-name]
              This column may only be non-empty if the CHAIN is OUTPUT.

              When this column is non-empty, the  rule  applies  only  if  the
              program  generating  the  output  is running under the effective
              user and/or group specified (or is NOT running under that id  if
              "!" is given).

              Examples:

              joe    program must be run by joe

              :kids  program must be run by a member of the ’kids’ group

              !:kids program must not be run by a member of the ’kids’ group

              +upnpd program named upnpd

                     Important

                     The  ability  to  specify a program name was removed from
                     Netfilter in kernel version 2.6.14.

       MARK — [!]value[/mask][:C]
              Defines a test on the existing packet or  connection  mark.  The
              rule will match only if the test returns true.

              If  you don’t want to define a test but need to specify anything
              in the following columns, place a "-" in this field.

              !      Inverts the test (not equal)

              value  Value of the packet or connection mark.

              mask   A mask to be applied to the mark before testing.

              :C     Designates a connection  mark.  If  omitted,  the  packet
                     mark’s  value is tested. This option is only supported by
                     Shorewall-perl.

       In all of the above columns except ACTION and CHAIN, the values -,  any
       and  all  may  be  used as wildcards. Omitted trailing columns are also
       treated as wildcards.
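
       An added example, not part of the original manual page or of Shorewall:
       a small Python check that parses an accounting file and flags rows that
       break the column constraints stated above. The sample rows, interface
       names, addresses, the chain name web and the function names are
       constructed for this example.

```python
import re

COLS = ("action", "chain", "source", "dest", "proto", "dport", "sport", "user", "mark")
WILD = {"-", "any", "all"}          # wildcards everywhere except ACTION and CHAIN

# Constructed sample file; interface names, addresses and the chain "web" are made up.
SAMPLE = """\
#ACTION    CHAIN   SOURCE           DEST             PROTO  DPORT   SPORT   USER   MARK
web:COUNT  -       eth0             eth1:192.0.2.10  tcp    80,443
web:COUNT  -       eth1:192.0.2.10  eth0             tcp    -       80,443
DONE       web
COUNT      -       eth0             -                -      25
COUNT      -       -                eth0             tcp    25      -       joe
COUNT      OUTPUT  -                eth0             tcp    25      -       +upnpd
COUNT      -       -                -                -      -       -       -      0x10/0xff:C
"""

def parse(text):
    """Yield (line_no, rule_dict); omitted trailing columns become the '-' wildcard."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if fields:
            if len(fields) > len(COLS):
                raise ValueError(f"line {no}: too many columns")
            yield no, dict(zip(COLS, fields + ["-"] * (len(COLS) - len(fields))))

def lint(text):
    """Return (line_no, message) for each rule that breaks a constraint on the page."""
    problems = []
    for no, r in parse(text):
        if not re.fullmatch(r"COUNT|DONE|[^:\s]+(:COUNT)?", r["action"]) or r["action"] == "-":
            problems.append((no, "ACTION must be COUNT, DONE or chain[:COUNT]"))
        has_port = r["dport"] not in WILD or r["sport"] not in WILD
        proto = r["proto"].lower()
        if has_port and proto not in {"tcp", "udp", "6", "17"} and not proto.startswith("ipp2p"):
            problems.append((no, "port columns require protocol tcp or udp"))
        if r["user"] not in WILD and r["chain"] != "OUTPUT":
            problems.append((no, "USER/GROUP requires CHAIN OUTPUT"))
        if "+" in r["user"]:
            problems.append((no, "program-name match removed from Netfilter in kernel 2.6.14"))
        if r["mark"] not in WILD and not re.fullmatch(r"!?\w+(/\w+)?(:C)?", r["mark"]):
            problems.append((no, "MARK must be [!]value[/mask][:C]"))
    return problems

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```

       On the sample, lines 5, 6 and 7 are reported: a port without tcp or
       udp, a USER/GROUP entry outside the OUTPUT chain, and a program-name
       match.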

FILES

       /etc/shorewall/accounting

SEE ALSO

       http://shorewall.net/Accounting.html

       shorewall(8), shorewall-actions(5), shorewall-blacklist(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_routes(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5),
       shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

                               23 November 2007        shorewall-accounting(5)