Counting elements of an ipset

Micah Anderson micah at riseup.net
Fri Mar 10 20:12:44 CET 2006


Hi,

I'm using ipsets and it appears as if ipsets do not have counters for
packet matching; you can only count packets that match an entire set.

For example, if I do:

iptables -v -n -x -m set -L input --set accounting src,dst 

it only prints the packet counts of the ipsets, not the specific IP
addresses in the sets. Is there a way I can get iptables to tell me
the packets of a particular IP in an ipset?

I can create an ipmap ipset for each individual IP that I want to
count, and then count each of those sets' packet counts, but do I gain
anything by doing this (i.e., does using ipsets save me any memory or
CPU in this scenario)?

Thanks,
micah



