So lately I have been working a lot more with Linux networking. Consider an iptables configuration like this:
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [7752:8249066]
    [..]
    -A RH-Firewall-1-FORWARD -p icmp -m icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A RH-Firewall-1-FORWARD -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    [..]
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Fri Nov 21 15:44:47 2014
Ever noticed the brackets right next to the chain? What are those? What do the numbers mean?
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [7752:8249066]
The answer is pretty easy and pretty obvious in hindsight. The two numbers, written as [packets:bytes], report:
- the packet counter for the chain (first number)
- the byte counter for the chain (second number)
So in our example above, the OUTPUT chain matched 7752 packets and 8249066 bytes.
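As an added example (not part of the original post), here is a small Python parser for the chain lines of `iptables-save` output. It relies on the fact that the pair on a built-in chain's line is counted against that chain's policy, so a non-zero counter on an ACCEPT policy is traffic allowed by default rather than by an explicit rule. The sample text is constructed from the listing above and the function names are hypothetical.

```python
import re

# Constructed sample in iptables-save format, based on the listing above;
# the user-defined chain line and the jump rule are made up for the example.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7752:8249066]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# ":<chain> <policy> [<packets>:<bytes>]"; user-defined chains have policy "-".
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]\s*$")


def parse_chain_counters(text):
    """Return {(table, chain): (policy, packets, bytes)} from iptables-save output."""
    table, result = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*filter" opens a table section
            table = line[1:]
        elif line == "COMMIT":            # closes the current table
            table = None
        elif (m := CHAIN_RE.match(line)) and table is not None:
            chain, policy, pkts, byts = m.groups()
            result[(table, chain)] = (policy, int(pkts), int(byts))
    return result


def default_accepted(counters):
    """Chains whose ACCEPT policy has non-zero counters, busiest first."""
    hits = [(t, c, p, b) for (t, c), (pol, p, b) in counters.items()
            if pol == "ACCEPT" and p > 0]
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for table, chain, pkts, byts in default_accepted(parse_chain_counters(SAMPLE)):
        print(f"{table}/{chain}: {pkts} packets, {byts} bytes accepted by policy")
```

In the sample, INPUT stays at [0:0] because every packet is handed to RH-Firewall-1-INPUT, whose last rule rejects whatever was not accepted earlier, so nothing ever reaches the INPUT policy.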