12,270
edits
Ebtables: Difference between revisions
m
no edit summary
mNo edit summary |
|||
| (7 intermediate revisions by 2 users not shown) | |||
|
== /etc/network/interfaces ==
Valid if eth0.20 used
iface int0 inet static
# first let’s do some accounting.
# These rules need only match, not do anything, as we are interested in the
ebtables -N accounting -P RETURN
ebtables -A accounting --destination AC:DE:48:23:45:67/ff:ff:ff:ff:ff:ff
# mark incoming data so that we can account it.
# The iptables rules should work also with a default DROP target but then additional lines are needed to pass the data that is needed.
iptables -A FORWARD -i ppp0 -o int0 -j MARK --or-mark $MINET
ip6tables -A FORWARD -i ppp0 -o int0 -j MARK --or-mark $MINET
== Accounting ==
To save the accounting data,
I used a script called out from /etc/cron.hourly and will end up with a directory tree with accounting data that resembles that from AAISP’s clueless pages but broken down by MAC address. If I had [[Ethernet over ADSL]] then the ISP might do this step instead. Old data may need to be rotated away from the output area eventually though.
#!/bin/bash
MYTIME=`date +%s`
DIR=`date -d @$MYTIME +/var/local/ebacct/%Y-%m-%d/%H -u`
PARA=
if test -n "$(mkdir -pv $DIR)"
then
PARA=-Z
DIR=`date -d @$(( $MYTIME - 3600 )) +/var/local/ebacct/%Y-%m-%d/%H -u`
fi
while read F MAC N N N N N PACKET N N N OCTETS N
do
if test "$F" = "-d"
then
PT=$DIR/${MAC:0:2}${MAC:3:2}${MAC:6:2}${MAC:9:2}${MAC:12:2}${MAC:15:2}
mkdir -p $PT
echo $PACKET > $PT/packets
echo $OCTETS > $PT/octets
fi
done <<<"$(ebtables -L accounting --Lc --Lmac2 $PARA)"
[[Category:3rd Party Routers]]
| |||