Don't understand [0:0] iptable syntax

Solution 1:

The [0:0] or [1280:144299] or whatever are the counts of [Packets:Bytes] that have been through the chain. They are saved when you run an iptables-save command and are used by the iptables-restore command to initialise the counters.


The Packets and bytes values can be useful for some statistical purposes. Issuing an iptables-save command with the -c argument would then make it possible for us to reboot without breaking our statistical and accounting routines. (Quoted from Iptables Tutorial 1.2.2 - by Oskar Andreasson) Conclusively, restoring the iptables rules with Packets and bytes specified will not affect the rule behavior; it will just keep a "stateful" track of the packets and bytes that match the rule.

Solution 2:

Every rule has two counters; the number of packets and the number of bytes that have matched each rule. The default policies also have counters.

This syntax goes in the input to iptables-restore and sets the counters to whatever number is in the square brackets. iptables-save puts the current value of the counters into the square brackets in its output.

You can see human-readable counts for each rule using:

iptables -L -n -v

and the raw values with

iptables -L -n -v -x
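As an added example (not part of either answer), the following Python parses the [packets:bytes] prefixes from a constructed sample of `iptables-save -c` output, lists rules whose counters are still zero, and rewrites the file the way plain `iptables-save` prints it, which restores the same rules with the counters reset. The sample ruleset and the function names are assumptions for illustration.

```python
import re
from collections import namedtuple

# Constructed sample of `iptables-save -c` output; not captured from a real host.
SAMPLE_SAVE = """\
*filter
:INPUT DROP [1280:144299]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9912:1200433]
[1280:144299] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp --dport 22 -j ACCEPT
[17:1020] -A INPUT -j LOG --log-prefix "dropped: "
COMMIT
"""
COUNTER_RE = re.compile(r"^\[(\d+):(\d+)\]")                  # [packets:bytes] prefix
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")  # :CHAIN POLICY [p:b]
Rule = namedtuple("Rule", "chain spec packets bytes")


def parse_counters(text):
    """Return ({chain: (policy, packets, bytes)}, [Rule, ...]) from save output.
    Rule lines without a [p:b] prefix (plain `iptables-save`) get zero counters."""
    chains, rules = {}, []
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:  # chain header: default policy plus the policy's own counters
            chains[m.group(1)] = (m.group(2), int(m.group(3)), int(m.group(4)))
            continue
        m = COUNTER_RE.match(line)
        packets, nbytes = (int(m.group(1)), int(m.group(2))) if m else (0, 0)
        parts = (line[m.end():] if m else line).split(None, 2)
        if len(parts) == 3 and parts[0] == "-A":  # ignores *table, COMMIT, comments
            rules.append(Rule(parts[1], parts[2], packets, nbytes))
    return chains, rules


def unmatched_rules(rules):
    """Rules that have matched no packets since the counters were last reset."""
    return [r for r in rules if r.packets == 0]


def strip_counters(text):
    """Render the ruleset as plain `iptables-save` prints it: the rules restore
    identically, only the [packets:bytes] values are zeroed or dropped."""
    out = []
    for line in text.splitlines():
        if CHAIN_RE.match(line):
            out.append(re.sub(r"\[\d+:\d+\]$", "[0:0]", line))
        else:
            out.append(COUNTER_RE.sub("", line).lstrip())
    return "\n".join(out) + "\n"
```

Feeding real output into `parse_counters` lets you diff counters between two saves to see which rules are actually doing work, without touching the live ruleset.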