udhcpc reinits iptables FORWARD chain

[erlis]

I'm working on a per host traffic monitoring script, using RETURN rules in the FORWARD chain.

The problem is that whenever udhcpc get a new wan lease the FORWARD chain is reloaded, loosing my own rules among with its counters..

Is there any way to avoid this or should i modify my script??

Any suggestions for some new iptables rules to log the in/out to each lan user?

This is the iptables rules i would like to use:

Code:

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RETURN     tcp  --  192.168.0.21         0.0.0.0/0
RETURN     tcp  --  0.0.0.0/0            192.168.0.21

[sodb]

I experience similar problems,e.g. iptables rules disappear without a reset of the router. I can not figure out what the disapperaing triggers. I am using pptp from my router to ADSL modem (ppp0 WAN interface). I checked whether a re-establishment of the ppp session triggers the lost of iptables FORWARD rules. Indeed, the rules disappear!

How to save these (ip accounting) FORWARD rules or how to know when ppp session is re-established?

[Oleg]

use post-firewall to recover rules. in fact asus code flushes firewall on every reconnect/renew.

[sodb]

Yes, how obvious...... it works. Initially I put the rules in the post-boot script. Because I use rrdtools to log traffic, a reset of the iptable counter is only a 5 minute loss of data.