Для тех, кто хотел контролировать интернет-трафик предлагаю скриптик:
Code:
#!/bin/sh
# Controlled address
ADDR1=192.168.1.2
ADDR2=192.168.1.3
ADDR3=192.168.1.10
# Address discardable from internet traffic (network of provider)
ADDRLOCAL=10.0.0.0/8
# Maximum traffic in bytes/month
MAXTRAFF=200000000
# Reset counter
DAILY=01
HOUR=00
MINUTE=00
# Directory for storing RRD Databases
RRDDATA=/opt/var/lib/rrd/
# Directory for storing webpages / images
RRDIMG=/opt/share/www/graph/
#======================================
# Changes to iptables
if [ "`iptables -L FORWARD -nvx | grep $ADDR1 | awk '{print ($9)}'`" != "$ADDR1" ];
then
iptables -I FORWARD 1 -i vlan1 -s ! $ADDRLOCAL -d $ADDR1/32 -j RETURN
fi
if [ "`iptables -L FORWARD -nvx | grep $ADDR2 | awk '{print ($9)}'`" != "$ADDR2" ];
then
iptables -I FORWARD 1 -i vlan1 -s ! $ADDRLOCAL -d $ADDR2/32 -j RETURN
fi
if [ "`iptables -L FORWARD -nvx | grep $ADDR3 | awk '{print ($9)}'`" != "$ADDR3" ] ;
then
iptables -I FORWARD 1 -i vlan1 -s ! $ADDRLOCAL -d $ADDR3/32 -j RETURN
fi
#====================================
if [ ! -d "${RRDDATA}" ]
then
mkdir -p "${RRDDATA}"
fi
INETRRD="${RRDDATA}itraffic.rrd"
CreateRRD ()
{
rrdtool create "${1}" \
DS:1:GAUGE:600:0:"${2}" \
DS:2:GAUGE:600:0:"${2}" \
DS:3:GAUGE:600:0:"${2}" \
RRA:LAST:0.5:1:576 \
RRA:LAST:0.5:6:672 \
RRA:LAST:0.5:24:732 \
RRA:LAST:0.5:144:1460
}
if [ ! -f "${INETRRD}" ]
then
CreateRRD "${INETRRD}" "${MAXTRAFF}"
fi
TRAFF1=`iptables -L FORWARD -nvx |grep $ADDR1 | awk '{print ($2)}'`
TRAFF2=`iptables -L FORWARD -nvx |grep $ADDR2 | awk '{print ($2)}'`
TRAFF3=`iptables -L OUTPUT -nvx |grep $ADDR4 | awk '{print ($2)}'`
# Update the Databases
`rrdupdate "${INETRRD}" -t 1:2:3 N:"${TRAFF1}":"${TRAFF2}":"${TRAFF3}"`
# $1 = ImageFile , $2 = Time in secs to go back , $3 = RRDfil , $4 = GraphText
CreateGraphInet ()
{
rrdtool graph "${1}.new" -a PNG --base 1024 -s -"${2}" -w 1000 -h 340 -v "Traffic" \
'DEF:ds1='${3}':1:LAST' \
'DEF:ds2='${3}':2:LAST' \
'DEF:ds3='${3}':3:LAST' \
'LINE2:ds1#00FF00:'${5}'' \
GPRINT:ds1:LAST:" Internet traffic %6.2lf %s" \
'LINE2:ds2#1F90FF:'${6}' ' \
GPRINT:ds2:LAST:"Internet traffic %6.2lf %s" \
'LINE2:ds3#FF0000:'${7}' ' \
GPRINT:ds3:LAST:"Internet traffic %6.2lf %s" \
-t "${4}"
mv -f "${1}.new" "${1}"
}
# Set time-variables
MTIME=`date "+%M"`
HTIME=`date "+%H"`
DTIME=`date "+%d"`
# Update Daily graphs every 10 mins
#if [ "${MTIME}" = 00 ] || [ "${MTIME}" = 10 ] || [ "${MTIME}" = 20 ] || [ "${MTIME}" = 30 ] || [ "${MTIME}" = 40 ] || [ "${MTIME}" = 50 ];
#then
CreateGraphInet "${RRDIMG}inetday.png" 86400 "${INETRRD}" INET "${ADDR1}" "${ADDR2}" "${ADDR4}"
#fi
# Update Weekly graph once an hour
if [ "${MTIME}" = 40 ];
then
CreateGraphInet "${RRDIMG}inetweek.png" 604800 "${INETRRD}" INET "${ADDR1}" "${ADDR2}" "${ADDR4}"
fi
# Update Monthly and Yearly graphs once a day (maby twice a day on 12h settings)
if [ "${HTIME}" = 05 ] && [ "${MTIME}" = 05 ];
then
CreateGraphInet "${RRDIMG}inetmonth.png" 2678400 "${INETRRD}" INET "${ADDR1}" "${ADDR2}" "${ADDR4}"
CreateGraphInet "${RRDIMG}inetyear.png" 31536000 "${INETRRD}" INET "${ADDR1}" "${ADDR2}" "${ADDR4}"
fi
if [ "${DTIME}" = $DAILY ] && [ "${HTIME}" = $HOUR ] && [ "${MTIME}" = $MINUTE ] ;
then
iptables -D FORWARD -i vlan1 -s ! $ADDRLOCAL -d $ADDR1/32 -j RETURN
iptables -D FORWARD -i vlan1 -s ! $ADDRLOCAL -d $ADDR2/32 -j RETURN
iptables -D FORWARD -i vlan1 -s ! $ADDRLOCAL -d $ADDR3/32 -j RETURN
iptables -I FORWARD 1 -i vlan1 -s ! $ADDRLOCAL -d $ADDR1/32 -j RETURN
iptables -I FORWARD 1 -i vlan1 -s ! $ADDRLOCAL -d $ADDR2/32 -j RETURN
iptables -I FORWARD 1 -i vlan1 -s ! $ADDRLOCAL -d $ADDR3/32 -j RETURN
fi
В начале ставить свои данные. Это до #==============
Данные графиков обнуляются в начале каждого месяца. # Reset counter
Адреса для контроля трафика.# Controlled address
Локальная сеть провайдера для исключения из трафика.# Address discardable .....
Максимальный трафик за учетный период.# Maximum traffic in bytes/month