Counters: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Counters are optional in ''nftables'', thus, you need to explicitly specify them in the rule if you want them. The following example allows you to account all tcp traffic tha...") |
(add pointer to stateful counters) |
||
Line 14: | Line 14: | ||
The rule is evaluated from the left to the right, so '''any kind of packet''' will update the counters, not only TCP packets. | The rule is evaluated from the left to the right, so '''any kind of packet''' will update the counters, not only TCP packets. | ||
== Stateful counters == | |||
nftables has native support for '''stateful counters''', i.e, counters not attached to a particular rule. Check the [[Stateful_objects | stateful objects]] page for more details. |
Revision as of 14:21, 21 July 2020
Counters are optional in nftables, thus, you need to explicitly specify them in the rule if you want them.
The following example allows you to account all tcp traffic that you machine receives:
% nft add rule filter input ip protocol tcp counter
An interesting feature of the counter action is that its position in the rule syntax matters. This rule is not equivalent to the previous rule:
% nft add rule filter input counter ip protocol tcp
The rule is evaluated from the left to the right, so any kind of packet will update the counters, not only TCP packets.
Stateful counters
nftables has native support for stateful counters, i.e, counters not attached to a particular rule. Check the stateful objects page for more details.