How to count packets coming from outside using iptables? [duplicate]

If you don't give iptables a target, it simply counts how many bytes and packets match the rule. I'd like to count all packets that come from outside, i.e. don't match 10.0.0.0/8 and don't match 192.168.0.0/16.

My first intuition is:

iptables -A INPUT ! -s 10.0.0.0/8,192.168.0.0/16

However, this adds two rules, each of which counts separately, so no count of outside packets is discernible. So how do I count outside packets?


I would be tempted to do something like this by creating a chain, then adding rules to the chain to return the stuff you don't want. The stuff that makes it to the final rule of the chain will be the stuff you do want.

# untested
# create a new input counter chain
/sbin/iptables -t filter -N inputcounter
# redirect all traffic to chain
/sbin/iptables -t filter -A INPUT -j inputcounter
# return stuff we don't want to count
/sbin/iptables -t filter -A inputcounter -s 10.0.0.0/8 -j RETURN
/sbin/iptables -t filter -A inputcounter -s 192.168.0.0/16 -j RETURN
# Final rule will return everything else. Its counters are a count of
# everything that wasn't previously excluded
/sbin/iptables -t filter -A inputcounter -j RETURN
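Once the chain exists, the outside count is the packet/byte counter on its last rule, which you read with `iptables -t filter -L inputcounter -v -n -x`. The following parser is an added example (not the answerer's code); the listing it parses is constructed to match the chain above, with made-up numbers.

```python
import re
import subprocess

# Constructed sample of `iptables -t filter -L inputcounter -v -n -x` output
# for the chain built above. The numbers are invented for illustration.
SAMPLE_OUTPUT = """\
Chain inputcounter (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1234     567890 RETURN     all  --  *      *       10.0.0.0/8           0.0.0.0/0
     100      20000 RETURN     all  --  *      *       192.168.0.0/16       0.0.0.0/0
    4321     987654 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

# pkts bytes target prot opt in out source destination (9 whitespace-separated columns)
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")


def parse_chain(listing):
    """Return (pkts, bytes, source) per rule, in rule order; header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # "Chain ..." banner and the column-name header
        rules.append((int(m.group(1)), int(m.group(2)), m.group(8)))
    return rules


def outside_counters(listing):
    """Counters of the final catch-all rule: traffic not RETURNed by the private-range rules."""
    rules = parse_chain(listing)
    if not rules or rules[-1][2] != "0.0.0.0/0":
        raise ValueError("last rule is not the catch-all; chain layout differs from expected")
    pkts, nbytes, _ = rules[-1]
    return pkts, nbytes


def excluded_counters(listing):
    """Sum of the counters on the early-RETURN rules (the private ranges)."""
    rules = parse_chain(listing)[:-1]
    return sum(r[0] for r in rules), sum(r[1] for r in rules)


def read_live_chain(chain="inputcounter"):
    """Fetch the real listing; needs root and the -x flag for exact (unabbreviated) counters."""
    out = subprocess.run(["iptables", "-t", "filter", "-L", chain, "-v", "-n", "-x"],
                         check=True, capture_output=True, text=True).stdout
    return outside_counters(out)
```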