GUID
Я немного переделал этот скрипт так, чтобы он не затирал оригинальную цепочку FORWARD.
post-firewall у меня выглядит так
Code:
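#!/bin/sh
# post-firewall hook: count forwarded traffic per LAN host in a dedicated
# STAT_IP chain instead of rewriting the FORWARD chain.
#
# Every rule in STAT_IP uses the RETURN target, so the chain only counts
# packets; the accept/drop decision is still made by the FORWARD rules
# that follow the jump.

# Hosts to account for; each gets one source rule and one destination rule.
STAT_HOSTS="192.168.100.97 192.168.100.118 192.168.100.5 192.168.100.16"

# Create the chain, or empty it if an earlier run left it behind, so that
# re-running the hook does not pile up duplicate rules.
# Note: flushing also resets the counters of the rules it removes.
iptables -N STAT_IP 2>/dev/null || iptables -F STAT_IP

# Remove any jump left by an earlier run before inserting a fresh one.
# Two jumps would send every packet through STAT_IP twice and double the
# byte counts.
while iptables -D FORWARD -j STAT_IP 2>/dev/null; do
  :
done
iptables -I FORWARD 1 -j STAT_IP

# Intentionally unquoted: the list is split on spaces into single addresses.
for ip in $STAT_HOSTS; do
  iptables -A STAT_IP -s "$ip" -j RETURN
  iptables -A STAT_IP -d "$ip" -j RETURN
done

# Catch-all rule: counts the traffic that matched none of the hosts above.
iptables -A STAT_IP -j RETURN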
192.168.100.97 и другие — это адреса, по которым у меня считается статистика.
Скрипт end нужно немного видоизменить
Code:
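#!/bin/sh
# Traffic accounting run: append the STAT_IP byte counters to a dated log,
# reset them, let /opt/Billing/cnt process each user, then rebuild the
# totals file and the HTML report.

USERS_DIR="/opt/Billing/users"
TODAY=$(date +%d-%m-%Y)   # taken once so both dated paths agree across midnight
ULOG="/opt/Billing/total"
DATE="/opt/Billing/logs/$TODAY"
LOG="$USERS_DIR/$TODAY"
WEB="/opt/share/www/user.html"

# -f: a file that does not exist yet is not an error.
rm -f -- "$LOG" "$ULOG"

# Columns of `iptables -nvxL`: $2 = bytes, $8 = source, $9 = destination.
# grep -F matches the addresses literally; in a plain pattern every "." is a
# regex wildcard. Rules with a zero byte count are skipped.
iptables -nvxL STAT_IP | grep -F 192.168 | grep -F 0.0.0.0/0 |
  awk '$2 != 0 { print $2, $8, $9 }' >> "$DATE"

# Reset only the accounting chain. A bare `iptables -Z` also clears the
# counters of every other rule in the filter table, including the DROP rules
# whose hit counts are useful when diagnosing the firewall.
# NOTE(review): bytes counted between the listing above and this reset are
# not logged.
iptables -Z STAT_IP

# The second column of /opt/etc/users is passed to cnt as one quoted
# argument. The earlier form built a command string inside awk's system(),
# so shell metacharacters in that file would have been executed.
while read -r _name id _rest || [ -n "$id" ]; do
  if [ -n "$id" ]; then
    # stdin from /dev/null so cnt cannot consume the rest of the user list
    /opt/Billing/cnt "$id" < /dev/null
  fi
done < /opt/etc/users

sleep 5

# Sum columns 2 and 3 over all per-user files. Lines where either column is
# zero are skipped, and so is any value containing the letter "d".
# The glob replaces parsing `ls -l`, which also put file names into a shell
# command line.
cat "$USERS_DIR"/* | awk '
BEGIN { a = 0; b = 0; c = " " }
$3 != 0 && $2 != 0 {
  if (index($2, "d") == 0) a += $2
  if (index($3, "d") == 0) b += $3
}
END {
  if (a != 0) { printf("%.2f", a); printf("%s", c) } else { print 0 }
  if (b != 0) { printf("%.2f", b) } else { print 0 }
}' > "$ULOG"

totals=$(awk '{
  print("<td><font color=green>", $1, "</font></td><td><font color=red>", $2, "</font></td>")
}' "$ULOG")

# The whole page is written through one redirection. Previously the
# <html>/<link> line was appended to the old file and then lost when the next
# line truncated it, so the stylesheet never reached the page.
# NOTE(review): file names and counter values are inserted into the HTML
# unescaped; this assumes they come only from admin-controlled files.
{
  echo "<html><link rel=stylesheet type=text/css href=vnstat_blue.css><body>"
  echo "<table border=1>"
  echo "<tr><td><font color=blue>User_id</font></td><td><font color=green>Input:</font></td><td><font color=red>Output:</font></td><td><font color=blue>Total:</font></td><td><font color=blue>All day's:</font></td>"
  for f in "$USERS_DIR"/*; do
    [ -e "$f" ] || continue   # glob matched nothing
    printf '%s\n' "<tr><td>${f##*/}</td></tr>"
    cat -- "$f"
  done | awk '{
    print("<tr><td><font color=blue>", $1, "</font></td><td><font color=green>", $2, "</font></td><td><font color=red>", $3, "</font></td><td><font color=blue>", $4, "</font></td><td><font color=blue>", $5, "</font></td></tr>")
  }'
  printf '%s\n' "<tr><td><font color=blue>All total:</font></td>${totals}</tr>"
  echo "</table></body></html>"
} > "$WEB"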
В итоге
Code:
$ iptables -nvxL FORWARD
Chain FORWARD (policy ACCEPT 188 packets, 15352 bytes)
pkts bytes target prot opt in out source destination
4759 3158274 STAT_IP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
11 484 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 TCPMSS clamp to PMTU
4571 3142922 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP all -- !br0 ppp0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- !br0 vlan1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT
0 0 DROP all -- * br0 0.0.0.0/0 0.0.0.0/0
Code:
$ iptables -nvxL STAT_IP
Chain STAT_IP (1 references)
pkts bytes target prot opt in out source destination
269 11684 RETURN all -- * * 192.168.100.97 0.0.0.0/0
269 354384 RETURN all -- * * 0.0.0.0/0 192.168.100.97
0 0 RETURN all -- * * 192.168.100.118 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.100.118
0 0 RETURN all -- * * 192.168.100.5 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.100.5
0 0 RETURN all -- * * 192.168.100.16 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0