Using IP Accounting ResultsLinux Network Administrators GuidePrevChapter 10. IP AccountingNextUsing IP Accounting Results It is all very well to be collecting this information, but how do we actually get to see it? To view the collected accounting data and the configured accounting rules, we use our firewall configuration commands, asking them to list our rules. The packet and byte counters for each of our rules are listed in the output.The ipfwadm, ipchains, and iptables commands differ in how accounting data is handled, so we will treat them independently.Listing Accounting Data with ipfwadm The most basic means of listing our accounting data with the ipfwadm command is to use it like this: # ipfwadm -A -l IP accounting rules pkts bytes dir prot source destination ports 9833 2345K i/o all 172.16.3.0/24 anywhere n/a 56527 33M i/o all 172.16.4.0/24 anywhere n/aThis will tell us the number of packets sent in each direction. If we use the extended output format with the -e option (not shown here because the output is too wide for the page), we are also supplied the options and applicable interface names. Most of the fields in the output will be self-explanatory, but the following may not:dirThe direction in which the rule applies. Expected values here are in, out, or i/o, meaning both ways.protThe protocols to which the rule applies.optA coded form of the options we use when invoking ipfwadm. ifnameThe name of the interface to which the rule applies.ifaddressThe address of the interface to which the rule applies.By default, ipfwadm displays the packet and byte counts in a shortened form, rounded to the nearest thousand (K) or million (M). We can ask it to display the collected data in exact units by using the expanded option as follows: # ipfwadm -A -l -e -xListing Accounting Data with ipchains The ipchains command will not display our accounting data (packet and byte counters) unless we supply it the -v argument. The simplest means of listing our accounting data with the ipchains is to use it like this: # ipchains -L -vAgain, just as with ipfwadm, we can display the packet and byte counters in units by using the expanded output mode. The ipchains uses the -x argument for this: # ipchains -L -v -xListing Accounting Data with iptables The iptables command behaves very similarly to the ipchains command. Again, we must use the -v when listing tour rules to see the accounting counters. To list our accounting data, we would use:# iptables -L -vJust as for the ipchains command, you can use the -x argument to show the output in expanded format with unit figures.PrevHomeNextConfiguring IP AccountingUpResetting the Counters