On Tue, 5 Mar 2002, Boniforti Flavio wrote:

> iptables -I FORWARD -j acc_01
> iptables -I FORWARD -j acc_02
> 428 112K acc_CA all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 428 112K acc_IN all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Looking at the pkts/bytes counts I notice that they're pretty the same
> value!!! What does this mean? Am I correct assuming that both counters have
> the same value because they're counting EACH packet that passes through
> those chains?

Yes, each packet goes through each chain because of your FORWARD rules. This is rather poor design.

> If so, how do I get the exact byte-count for my user-defined
> chains? Or would it be better NOT to use "-j RETURN" target?

You can, e.g., use a rule for each machine in one [or more] common user_defined_chain[s] [one defined_chain for input and one for output, for example]. Chains can be placed in FORWARD or in the mangle table in the FORWARD chain [mangle5hooks required]. You can also use RETURN or ACCEPT, depending on the situation.

Regards
tw

-- 
----------------
ck.eter.tym.pl
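The layout suggested in the reply above, as an added example that is not part of the original thread: one shared chain per direction with one rule per machine, so each counter reflects only that host's traffic. The chain names `acct_in`/`acct_out`, the host addresses and the `IPT` dry-run variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-host accounting in two shared chains.
# Chain names and host addresses are constructed for illustration.
# IPT defaults to a dry run that prints each command; set
# IPT=iptables and run as root to apply the rules for real.
IPT="${IPT:-echo iptables}"
HOSTS="${HOSTS:-192.0.2.10 192.0.2.11}"

acct_rules() {
    # One chain per direction instead of one chain per customer.
    $IPT -N acct_in
    $IPT -N acct_out
    for h in $HOSTS; do
        # Only the rule matching this host's address is incremented.
        # RETURN stops traversal at the first match and hands the
        # packet back to FORWARD for the real filtering rules.
        $IPT -A acct_in  -d "$h" -j RETURN
        $IPT -A acct_out -s "$h" -j RETURN
    done
    # Every forwarded packet still visits both chains, but the
    # per-host rule counters are what get read, not the jump rules,
    # whose counters are identical as seen in the quoted listing.
    $IPT -I FORWARD -j acct_in
    $IPT -I FORWARD -j acct_out
}

acct_report() {
    # -x prints exact byte counts instead of rounded values like 112K.
    $IPT -L acct_in  -v -n -x
    $IPT -L acct_out -v -n -x
}

# Usage: script rules | script report
case "${1:-}" in
    rules)  acct_rules ;;
    report) acct_report ;;
esac
```

Read the per-host rows inside `acct_in` and `acct_out` for the byte counts; the jump rules in FORWARD still count every packet.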
