如何检查iptables中每个规则的点击计数? [英] How can I check the hit count for each rule in iptables?

问题描述

我想知道如何从使用iptables创建的访问列表中找出访问了哪些规则以及访问了多少次.

I want to know how can I find out which rule was accessed and how many times, from the access list I have created using iptables.

我的防火墙在iptbales中有1000多个输入和输出规则；我想查找每个对象被访问了多少次.

My firewall has over 1000 input and output rules in iptbales; I want to find how many times each of them were accessed.

例如，假设我有以下规则:

For example, suppose I have the following rules:

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

我想找出规则1、2、3、4、5和6分别被击中了多少次.

I want to find out how many times each of the rules 1, 2, 3, 4, 5 and 6 were hit.

推荐答案

iptables将列出数据包和字节计数器. iptables -vL.同样，iptables-save将为每个链列出所有条目，包括提到的计数器，但不是为每个表条目列出(在某些系统上，iptables-save要求选项-c包括计数器).

iptables will list packet and byte counters if you specify option -v for verbose, e.g. iptables -vL. Likewise iptables-save will list all entries including the mentioned counters for each chain, but not for each table entry (on some systems iptables-save requires option -c to include counters).

这篇关于如何检查iptables中每个规则的点击计数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！