

Traffic counting on the CCGX

There are situations in which it is interesting to know how much network traffic the Color Control GX generates. This can be measured on the CCGX using iptables. Doing so requires a number of changes on the CCGX, which are described on this page.

The rules

The following commands clear all existing iptables rules and add rules that count specific categories of traffic. Every chain ends in ACCEPT, so nothing is blocked; the rules only count.

#Flush all
iptables -F
#Delete all user defined chains
iptables -X


#ACCEPT traffic to local host
iptables -I INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -I OUTPUT -d 127.0.0.0/8 -j ACCEPT
#ACCEPT traffic to the local LAN
iptables -I INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -I OUTPUT -d 10.0.0.0/8 -j ACCEPT
iptables -I INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -I OUTPUT -d 172.16.0.0/12 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -I OUTPUT -d 192.168.0.0/16 -j ACCEPT

#ACCEPT multicast traffic
iptables -I INPUT -d 224.0.0.0/4 -j ACCEPT
iptables -I OUTPUT -d 224.0.0.0/4 -j ACCEPT

#ACCEPT broadcast traffic (dhcp)
iptables -I INPUT -d 255.255.255.255 -j ACCEPT
iptables -I OUTPUT -d 255.255.255.255 -j ACCEPT

#Send all remaining traffic to OTHER_IN/OUT and log
#The category chains below are inserted (-I) in front of the final ACCEPT,
#so anything that matches no category is counted by that ACCEPT rule.
iptables -N OTHER_IN
#The following line can only be used when the xt_limit kernel module is available
#iptables -A OTHER_IN -j LOG -m limit --limit 10/hour --log-prefix "IPTables-OTHER_IN: " --log-level 7
iptables -A OTHER_IN -j ACCEPT
iptables -N OTHER_OUT
#The following line can only be used when the xt_limit kernel module is available
#iptables -A OTHER_OUT -j LOG -m limit --limit 10/hour --log-prefix "IPTables-OTHER_OUT: " --log-level 7
iptables -A OTHER_OUT -j ACCEPT
iptables -A INPUT -g OTHER_IN
iptables -A OUTPUT -g OTHER_OUT

#Host names in -s/-d are resolved once, when the rule is added (one rule per
#resolved address); traffic to an address the name resolves to later is not
#counted in that category. Check the installed addresses with: iptables -S
iptables -N REMOTE_SUPPORT_IN
iptables -I REMOTE_SUPPORT_IN -j ACCEPT
iptables -N REMOTE_SUPPORT_OUT
iptables -I REMOTE_SUPPORT_OUT -j ACCEPT
iptables -I OTHER_IN -s supporthost.victronenergy.com -g REMOTE_SUPPORT_IN
iptables -I OTHER_OUT -d supporthost.victronenergy.com -g REMOTE_SUPPORT_OUT

#VRM logging
iptables -N VRM_IN
iptables -I VRM_IN -j ACCEPT
iptables -N VRM_OUT
iptables -I VRM_OUT -j ACCEPT
iptables -I OTHER_IN -s ccgxlogging.victronenergy.com -g VRM_IN
iptables -I OTHER_OUT -d ccgxlogging.victronenergy.com -g VRM_OUT

#Firmware updates
iptables -N UPDATE_IN
iptables -I UPDATE_IN -j ACCEPT
iptables -N UPDATE_OUT
iptables -I UPDATE_OUT -j ACCEPT
iptables -I OTHER_IN -s updates.victronenergy.com -g UPDATE_IN
iptables -I OTHER_OUT -d updates.victronenergy.com -g UPDATE_OUT

#PubNub (address ranges)
iptables -N PUBNUB_IN
iptables -I PUBNUB_IN -j ACCEPT
iptables -N PUBNUB_OUT
iptables -I PUBNUB_OUT -j ACCEPT
iptables -I OTHER_IN -s 54.246.196.128/26 -g PUBNUB_IN
iptables -I OTHER_OUT -d 54.246.196.128/26 -g PUBNUB_OUT
iptables -I OTHER_IN -s 54.93.127.192/26 -g PUBNUB_IN
iptables -I OTHER_OUT -d 54.93.127.192/26 -g PUBNUB_OUT

#NTP (matched by port, not by host)
iptables -N NTP_IN
iptables -I NTP_IN -j ACCEPT
iptables -N NTP_OUT
iptables -I NTP_OUT -j ACCEPT
iptables -I OTHER_IN -p udp --sport 123 -g NTP_IN
iptables -I OTHER_OUT -p udp --dport 123 -g NTP_OUT

#DNS over both tcp and udp
iptables -N DNS_IN
iptables -I DNS_IN -j ACCEPT
iptables -N DNS_OUT
iptables -I DNS_OUT -j ACCEPT
iptables -I OTHER_IN -p tcp --sport domain -g DNS_IN
iptables -I OTHER_IN -p udp --sport domain -g DNS_IN
iptables -I OTHER_OUT -p tcp --dport domain -g DNS_OUT
iptables -I OTHER_OUT -p udp --dport domain -g DNS_OUT

#Connman online check
iptables -N CONNMAN_IN
iptables -I CONNMAN_IN -j ACCEPT
iptables -N CONNMAN_OUT
iptables -I CONNMAN_OUT -j ACCEPT
iptables -I OTHER_IN -s ipv4.connman.net -g CONNMAN_IN
iptables -I OTHER_OUT -d ipv4.connman.net -g CONNMAN_OUT

Viewing the data

After executing these commands, iptables counts the traffic per chain. The packet and byte counters can be viewed by giving the command

iptables -L -x -v -n
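Reading those counters by hand gets tedious once every category has its own pair of chains, so here is an added example (not code from the wiki page or from Victron) that turns `iptables -L -x -v -n` output into a per-category in/out byte summary. It assumes the chain names from the rule set above and runs on a constructed sample of the listing; `traffic_report` is a name chosen for this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): summarise the byte counters that the
# page's rule set accumulates, from the output of `iptables -L -x -v -n`.
# Assumes the chain names used on the page (VRM_IN, VRM_OUT, OTHER_IN, ...).

# chain_bytes CHAIN: sum the bytes column of CHAIN's own ACCEPT rule(s), read from
# `iptables -L -x -v -n` output on stdin. Only ACCEPT is counted because in the
# OTHER_IN/OTHER_OUT chains the -g dispatch rules (and an enabled LOG rule) count
# the same packets again; -x is needed so the column holds exact numbers, not "12K".
chain_bytes() {
    awk -v chain="$1" '
        /^Chain /                                     { in_chain = ($2 == chain); next }
        in_chain && $1 ~ /^[0-9]+$/ && $3 == "ACCEPT" { total += $2 }
        END                                           { printf "%d\n", total + 0 }
    '
}

# traffic_report: print inbound/outbound bytes per category from listing on stdin.
traffic_report() {
    listing=$(cat)
    for category in VRM UPDATE PUBNUB NTP DNS CONNMAN REMOTE_SUPPORT OTHER; do
        in_b=$(printf '%s\n' "$listing" | chain_bytes "${category}_IN")
        out_b=$(printf '%s\n' "$listing" | chain_bytes "${category}_OUT")
        printf '%-15s in=%-10s out=%s\n' "$category" "$in_b" "$out_b"
    done
}

# Constructed sample of `iptables -L -x -v -n` output (not captured from a CCGX);
# 192.0.2.10 stands in for whatever ccgxlogging.victronenergy.com resolved to.
SAMPLE=$(cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      10        800 ACCEPT     all  --  *      *       127.0.0.0/8          0.0.0.0/0
     200      15000 OTHER_IN   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OTHER_IN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      50       4000 VRM_IN     all  --  *      *       192.0.2.10           0.0.0.0/0
      20       1500 DNS_IN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53
     130       9500 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain VRM_IN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      50       4000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
)

# On the device: iptables -L -x -v -n | traffic_report   (here: the sample listing)
printf '%s\n' "$SAMPLE" | traffic_report
```

Chains that do not appear in the listing (DNS_IN above, which the sample omits) report 0 rather than failing, so the report stays usable while the rule set is still being tuned.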
open_source/ccgx/ccgx_traffic_counting.1427719565.txt.gz · Last modified: 2015-03-30 14:46 by thiemovanengelen