nftables alternative command like iptables -L -n -v

Question

there is an alternative for command

iptables -L -n -v

in nftables ?? I need the counter of packages that tomb on my firewall.

score 2 · Accepted Answer · answered Jun 28 '17 at 21:46

2

nftables does not automatically create counters for rules, but if you have a rule with a counter then they can be displayed with nft list ruleset.

So if I have a ruleset like this.

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ...
        # icmp
        ip protocol icmp   counter accept
        ip6 nexthdr icmpv6 counter accept
    }
}

I get the output of nft list ruleset that looks liek this.

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ...
        ip protocol icmp counter packets 22040 bytes 781548 accept
        ip6 nexthdr ipv6-icmp counter packets 67 bytes 4824 accept
    }
}

answered Jun 28 '17 at 21:46

Zoredache

130,897
41
276
420

but it count all from run firewall yes ?? And not from "now" like "watch iptables -L etc... " – VANILKA Jun 28 '17 at 23:12
The counters are from the time that the rule set is activated. – Zoredache Jun 28 '17 at 23:48
oh.. so its not what I need.. domage. But thank you for your response – VANILKA Jun 28 '17 at 23:55
If you are looking for changes perhaps try something like this? `watch -d -n 5 'nft list ruleset | grep counter'` Adjusting the `-n 5` to an interval size that is interesting to you? – Zoredache Jun 29 '17 at 00:10

nftables alternative command like iptables -L -n -v

1 Answers1