Traffic counting on the CCGX
There are situations in which it is useful to know how much network traffic the Color Control uses. This can be measured on the CCGX using iptables. Doing so requires a number of changes on the CCGX, which are described on this page.
The rules
The following code clears all the existing rules from iptables and adds rules for counting specific traffic.
#Flush all
iptables -F
#Delete all user defined chains
iptables -X

#ACCEPT traffic to local host
iptables -I INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -I OUTPUT -d 127.0.0.0/8 -j ACCEPT

#ACCEPT traffic to the local LAN
iptables -I INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -I OUTPUT -d 10.0.0.0/8 -j ACCEPT
iptables -I INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -I OUTPUT -d 172.16.0.0/12 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -I OUTPUT -d 192.168.0.0/16 -j ACCEPT

#ACCEPT multicast traffic
iptables -I INPUT -d 224.0.0.0/4 -j ACCEPT
iptables -I OUTPUT -d 224.0.0.0/4 -j ACCEPT

#ACCEPT broadcast traffic (dhcp)
iptables -I INPUT -d 255.255.255.255 -j ACCEPT
iptables -I OUTPUT -d 255.255.255.255 -j ACCEPT

#Send all remaining traffic to OTHER_IN/OUT and log
iptables -N OTHER_IN
#The following line can only be used when the xt_limit kernel module is available
#iptables -A OTHER_IN -j LOG -m limit --limit 10/hour --log-prefix "IPTables-OTHER_IN: " --log-level 7
iptables -A OTHER_IN -j ACCEPT
iptables -N OTHER_OUT
#The following line can only be used when the xt_limit kernel module is available
#iptables -A OTHER_OUT -j LOG -m limit --limit 10/hour --log-prefix "IPTables-OTHER_OUT: " --log-level 7
iptables -A OTHER_OUT -j ACCEPT
iptables -A INPUT -g OTHER_IN
iptables -A OUTPUT -g OTHER_OUT

#Note: iptables resolves the host names below once, when each rule is added

#Remote support
iptables -N REMOTE_SUPPORT_IN
iptables -I REMOTE_SUPPORT_IN -j ACCEPT
iptables -N REMOTE_SUPPORT_OUT
iptables -I REMOTE_SUPPORT_OUT -j ACCEPT
iptables -I OTHER_IN -s supporthost.victronenergy.com -g REMOTE_SUPPORT_IN
iptables -I OTHER_OUT -d supporthost.victronenergy.com -g REMOTE_SUPPORT_OUT

#VRM
iptables -N VRM_IN
iptables -I VRM_IN -j ACCEPT
iptables -N VRM_OUT
iptables -I VRM_OUT -j ACCEPT
iptables -I OTHER_IN -s ccgxlogging.victronenergy.com -g VRM_IN
iptables -I OTHER_OUT -d ccgxlogging.victronenergy.com -g VRM_OUT

#Updates
iptables -N UPDATE_IN
iptables -I UPDATE_IN -j ACCEPT
iptables -N UPDATE_OUT
iptables -I UPDATE_OUT -j ACCEPT
iptables -I OTHER_IN -s updates.victronenergy.com -g UPDATE_IN
iptables -I OTHER_OUT -d updates.victronenergy.com -g UPDATE_OUT

#PubNub
iptables -N PUBNUB_IN
iptables -I PUBNUB_IN -j ACCEPT
iptables -N PUBNUB_OUT
iptables -I PUBNUB_OUT -j ACCEPT
iptables -I OTHER_IN -s 54.246.196.128/26 -g PUBNUB_IN
iptables -I OTHER_OUT -d 54.246.196.128/26 -g PUBNUB_OUT
iptables -I OTHER_IN -s 54.93.127.192/26 -g PUBNUB_IN
iptables -I OTHER_OUT -d 54.93.127.192/26 -g PUBNUB_OUT

#NTP
iptables -N NTP_IN
iptables -I NTP_IN -j ACCEPT
iptables -N NTP_OUT
iptables -I NTP_OUT -j ACCEPT
iptables -I OTHER_IN -p udp --sport 123 -g NTP_IN
iptables -I OTHER_OUT -p udp --dport 123 -g NTP_OUT

#DNS
iptables -N DNS_IN
iptables -I DNS_IN -j ACCEPT
iptables -N DNS_OUT
iptables -I DNS_OUT -j ACCEPT
iptables -I OTHER_IN -p tcp --sport domain -g DNS_IN
iptables -I OTHER_IN -p udp --sport domain -g DNS_IN
iptables -I OTHER_OUT -p tcp --dport domain -g DNS_OUT
iptables -I OTHER_OUT -p udp --dport domain -g DNS_OUT

#Connman online check
iptables -N CONNMAN_IN
iptables -I CONNMAN_IN -j ACCEPT
iptables -N CONNMAN_OUT
iptables -I CONNMAN_OUT -j ACCEPT
iptables -I OTHER_IN -s ipv4.connman.net -g CONNMAN_IN
iptables -I OTHER_OUT -d ipv4.connman.net -g CONNMAN_OUT
Viewing the data
After executing these commands, the traffic is counted by iptables. The data can be viewed by giving the command:
iptables -L -x -v -n
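The listing can be reduced to one total per chain. The script below is an added example, not part of the original page: it sums only the ACCEPT rules in each chain, because a goto rule in OTHER_IN counts the same packets again as the ACCEPT rule in the chain it jumps to. It assumes awk is available on the device; the function names, the sample listing, its counters and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-chain traffic totals from `iptables -L -x -v -n`.

# Constructed sample listing; counters and the 203.0.113.10 address are made up.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      40     5200 ACCEPT     all  --  *      *       192.168.0.0/16       0.0.0.0/0
      10      800 ACCEPT     all  --  *      *       127.0.0.0/8          0.0.0.0/0
      25     9100 OTHER_IN   all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain OTHER_IN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      20     8000 VRM_IN     all  --  *      *       203.0.113.10         0.0.0.0/0           [goto]
       5     1100 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain VRM_IN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      20     8000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Read a listing on stdin, print "CHAIN packets bytes" for every chain.
# -x in the iptables command matters: without it counters are abbreviated (K, M).
traffic_by_chain() {
    awk '
        # "Chain NAME (...)" starts a new chain section.
        $1 == "Chain" { chain = $2; order[++n] = chain; next }
        # Rule lines begin with two numeric counters; column header lines do not.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 == "ACCEPT" {
            pkts[chain] += $1
            bytes[chain] += $2
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s %.0f %.0f\n", order[i], pkts[order[i]], bytes[order[i]]
        }
    '
}

# Print only the byte total of one chain, e.g. `chain_bytes VRM_IN`.
chain_bytes() {
    traffic_by_chain | awk -v c="$1" '$1 == c { print $3 }'
}

# On the CCGX use: iptables -L -x -v -n | traffic_by_chain
sample_listing | traffic_by_chain
```

In this output the INPUT and OUTPUT totals cover local, LAN, multicast and broadcast traffic, and the OTHER_IN and OTHER_OUT totals cover whatever matched none of the named categories.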
open_source/ccgx/ccgx_traffic_counting.1427719565.txt.gz · Last modified: 2015-03-30 14:46 by thiemovanengelen