Manpage of IPACSET

IPACSET

Section: IPAC (8)
Updated: AUGUST 2000

NAME

ipacset - set kernel ip accounting rules  

SYNOPSIS

ipacset [-D] [ config-file ]  

DESCRIPTION

ipacset is part of the ipac linux ip accounting package.

ipacset reads config-file or, if omitted, the file /etc/ipac.conf and sets the kernel ip accounting rules by calling the appropriate control tool. The tool is ipfwadm(8) if you use a linux kernel version 2.0.* or ipchains(8) if you have linux 2.1.* or 2.2.*. Each rule can be seen as a single counter which separately counts specific ip traffic data. The definition of which rule counts which data is in the config file.

ipacset stores the names of the rules from the config file in the file /var/run/ip-accounting-rules whenever it runs. fetchipac(8) uses the information from this file.  

OPTIONS

-D
run in "debug" mode; reads the configuration file and prints the commands it would execute.
--fix-chains
When using ipchains, only set up the correct chains and jump rules for ipac, then exit. (When using ipfwadm, just exit.)
 

CONFIG FILE FORMAT

The config file, normally /etc/ipac.conf, consists of lines with one rule per line. Lines beginning with # and empty lines are ignored. Every other line has six fields which are separated by pipe characters (|). The fields are name of rule, direction, interface, protocol, source and destination.

No extra spaces are allowed between the pipe characters and the field content!

Name of rule
is a name for the rule. The name's function is to identify the rule. It can have any length and contain any character except "|". Don't make it longer than 40 characters.

If you have two or more rules with exactly the same name, ipac sees them as one and the traffic counted by both of them is added together. In effect, the rules are ORed together.

direction
Specify the direction the data goes through an interface. Data is counted only if the direction matches. It can be either in (count data coming in via an interface), out (count data going out through an interface) or both (count both in- and outgoing data).
interface
This identifies an interface where the traffic is to be counted. The name of the interface (for example eth0) should be used. A deprecated way to specify it is by its ip number in dotted quad format (e.g. 123.123.123.123). This is deprecated because the new ipchains firewall code does not support it: if you have ipchains, the meaning is "use the first interface which had this ip number when ipacset was run"; if you have ipfwadm, it means "use the interface which has this ip number when an ip packet passes". If empty, the traffic is counted for any interface.
protocol
This is to specify which protocols the traffic that is counted belongs to. It can be either tcp, udp, icmp or all.
source, destination
These specify the source ip address/es and port numbers the data comes from and the destination ip address/es and port numbers it goes to. The data is counted by this rule only if both match.

The syntax of source and destination matches exactly the syntax of corresponding options of the kernel ip accounting / firewall control tool.

If you run a 2.0.* kernel, this is ipfwadm(8), and the -S and -D parameter syntax in its man page describes the syntax of these fields.

If you run a 2.1.* or 2.2.* kernel, the tool is called ipchains(8), and the parameters in question are -s / --source and -d / --destination.

As a matter of fact, these two settings are simply passed through to the control tool, with one exception: since ipchains limits the number of tcp/udp/icmp port numbers in source and destination to one (or one range), the old ipfwadm behavior is emulated for 2.2.* kernels (a list of port specifications, separated by spaces, is accepted).
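
The format rules above can be checked before a config file is handed to ipacset. The following is an added example, not part of ipac or of this man page: lint_ipac_conf, its messages and the SAMPLE rules are hypothetical, and the source and destination fields are not validated because their syntax belongs to the control tool.

```python
import re

DIRECTIONS = {"in", "out", "both"}
PROTOCOLS = {"tcp", "udp", "icmp", "all"}
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")  # dotted quad, used with fullmatch

# Constructed sample input, not taken from the ipac distribution.
SAMPLE = """\
# two rules sharing a name are counted together
total in|in|eth0|all||
total in|in|ppp0|all||
web out|out|eth0|tcp|0/0 80|0/0
mail| in|eth0|tcp|0/0|0/0 25
old style|both|192.0.2.1|all||
bad proto|in|eth0|gre||
short|in|eth0
"""

def lint_ipac_conf(text):
    """Hypothetical helper. Return (rules, findings): rules maps a rule name
    to its list of rule dicts, findings is a list of (line_number, message)."""
    rules, findings = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if line == "" or line.startswith("#"):
            continue  # empty lines and comment lines are ignored
        fields = line.split("|")
        if len(fields) != 6:
            findings.append((no, "expected 6 fields, got %d" % len(fields)))
            continue
        name, direction, iface, proto, src, dst = fields
        errs = []
        if name.endswith(" ") or any(f != f.strip() for f in fields[1:]):
            errs.append("space between '|' and field content")
        if len(name) > 40:
            errs.append("rule name longer than 40 characters")
        if direction.strip() not in DIRECTIONS:
            errs.append("direction must be in, out or both")
        if proto.strip() not in PROTOCOLS:
            errs.append("protocol must be tcp, udp, icmp or all")
        findings.extend((no, e) for e in errs)
        if errs:
            continue  # a malformed line is reported, not recorded as a rule
        if IPV4.fullmatch(iface):  # still accepted, but deprecated
            findings.append((no, "interface given as ip number (deprecated)"))
        rules.setdefault(name, []).append({"direction": direction,
            "interface": iface, "protocol": proto, "source": src, "destination": dst})
    return rules, findings
```

A rule line that is reported here but still loaded would leave its traffic uncounted or counted under the wrong interface, so findings are worth reviewing before ipacset runs.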

 

BUGS

The settings ipacset makes can be corrupted by other scripts or tools which add or delete firewall rules in the kernel tables. Specifically, if ipchains is used and something deletes ipac's "jump" rules from the standard chains input and/or output, ipac will no longer count anything. This can also happen if you flush a standard chain (ipchains -F or --flush). fetchipac most likely detects corrupted settings and automagically runs ipacset --fix-chains (see section OPTIONS) to fix this condition. However, all data about traffic passing between the call to ipchains --flush and the next call to fetchipac will be lost.

To avoid the loss of accounting information, always run ipacset --fix-chains immediately after the jump rules have been deleted (or may have been deleted). ipacset will make sure everything is set up correctly.

FILES

/etc/ipac.conf
The default ipac configuration file.
/var/run/ip-accounting-rules
ip accounting rule name file.
 

VERSION

This man page belongs to ipac version 1.10. For updates and other information, look at http://www.comlink.apc.org/~moritz/ipac.html  

AUTHOR

Moritz Both <moritz@daneben.de>  

SEE ALSO

fetchipac(8), ipacsum(8), ipfwadm(8), ipchains(8).

