1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
.\" Process this file with
.\" groff -man -Tascii foo.1
.\" $Id: ipacset.8,v 1.6 1998/07/29 12:36:42 moritz Exp $
.\"
.TH IPACSET 8 "JULY 1998" Linux "IPAC"
.SH NAME
ipacset \- set kernel ip accounting rules
.SH SYNOPSIS
.B ipacset [-D] [
.I config-file
.B ]
.SH DESCRIPTION
.B ipacset
is part of the
.B ipac
linux ip accounting package.
.B ipacset
reads
.I config-file
or, if omitted, the file
.\" =()<.I @<RULESFILE>@>()=
.I /etc/ipac.conf
and sets the kernel ip accounting rules by calling
.BR ipfwadm (8).
Each rule can be seen as a single counter which separately counts specific
ip traffic data. The definition of which rule counts which data is in the
config file.
.B ipacset
stores the names of the rules from the config file in the file
.\" =()<.I @<RUNFILE>@>()=
.I /var/run/ip-accounting-rules
whenever it runs.
.BR fetchipac (8)
uses the information from this file.
.SH OPTIONS
.IP -D
run in "debug" mode; reads the configuration file and prints the
commands it would execute.
.SH CONFIG FILE FORMAT
The config file, normally
.\" =()<.IR "@<RULESFILE>@",>()=
.IR "/etc/ipac.conf",
consists of lines with one rule per line. Lines beginning with # and
empty lines are ignored. Every other line has six fields which are
separated by pipeline characters (|). The fields are
.BR "Name of rule" , " direction" , " interface" , " protocol" ,
.BR " source " and " destination" .
.TP
.B Name of rule
is a unique name for the rule. There can't be two rules with the same
name. The name's function is to identify the rule. It can have any length
and any character in it, without "|". Don't make it longer than 40
characters.
.TP
.B direction
Specify the direction the data goes through an interface. Data is counted
only if the direction matches.
It can be either
.B in
(count data coming in via an interface),
.B out
(count data going out through an interface) or
.B both
(count both in- and outgoing data).
.TP
.B interface
This identifies an interface where the traffic is to be counted. It can
be either an ip number in dotted quad format (e.g.
.BR 123.123.123.123 )
or
an interface name (for example
.BR eth0 )
.TP
.B protocol
This is to specify which protocols the traffic that is counted belongs to.
It can be either
.BR tcp , " udp" , " icmp " or " all" .
.TP
.BR source , " destination"
These specify the source ip address/es and port numbers the data comes from
and the destination ip address/es and port numbers it goes to. Only if both
match, the data is counted by this rule. The syntax of source and destination
matches exactly the syntax of the -S and -D parameters to
.BI ipfwadm (8)
and is thus not explained here. (As a matter of fact, these two settings
are simply passed over to ipfwadm.)
.SH FILES
.\" =()<.I @<RULESFILE>@>()=
.I /etc/ipac.conf
.RS
The default ipac configuration file.
.RE
.\" =()<.I @<RUNFILE>@>()=
.I /var/run/ip-accounting-rules
.RS
ip accounting rule name file.
.RE
.SH BUGS
Report some!
.SH VERSION
.\" =()<This man page belongs to ipac version @<VERSION>@.>()=
This man page belongs to ipac version 0.99.
For updates and other
information, look at
.B http://www.comlink.apc.org/~moritz/ipac.html
.SH AUTHOR
Moritz Both <moritz@daneben.de>
.SH "SEE ALSO"
.BR fetchipac (8),
.BR ipacsum (8),
.BR ipfwadm (8).
|
