libxt_quota2.man revision e37d45ce390c2f5a7f1e64742b9100ecef0def54 
14e753558fc8cc2f77cbcd46fba80d8612e836a1esenorblanco@chromium.orgThe "quota2" implements a named counter which can be increased or decreased
2ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.comon a per-match basis. Available modes are packet counting or byte counting.
3ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.comThe value of the counter can be read and reset through procfs, thereby making
4ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.comthis match a minimalist accounting tool.
5ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.com.PP
64e753558fc8cc2f77cbcd46fba80d8612e836a1esenorblanco@chromium.orgWhen counting down from the initial quota, the counter will stop at 0 and
74e753558fc8cc2f77cbcd46fba80d8612e836a1esenorblanco@chromium.orgthe match will return false, just like the original "quota" match. In growing
88c4953c6f176469ad287c3270ab146e292b23badcommit-bot@chromium.org(upcounting) mode, it will always return true.
98c4953c6f176469ad287c3270ab146e292b23badcommit-bot@chromium.org.TP
10ec3ed6a5ebf6f2c406d7bcf94b6bc34fcaeb976eepoger@google.com\fB\-\-grow\fP
114e753558fc8cc2f77cbcd46fba80d8612e836a1esenorblanco@chromium.orgCount upwards instead of downwards.
12fbfcd5602128ec010c82cb733c9cdc0a3254f9f3rmistry@google.com.TP
134e753558fc8cc2f77cbcd46fba80d8612e836a1esenorblanco@chromium.org\fB\-\-no\-change\fP
144e753558fc8cc2f77cbcd46fba80d8612e836a1esenorblanco@chromium.orgMakes it so the counter or quota amount is never changed by packets matching
15f0ea77a3630e6d1c01d83aa5430b3780da9e88b6commit-bot@chromium.orgthis rule. This is only really useful in "quota" mode, as it will allow you to
168c4953c6f176469ad287c3270ab146e292b23badcommit-bot@chromium.orguse complex prerouting rules in association with the quota system, without
178c4953c6f176469ad287c3270ab146e292b23badcommit-bot@chromium.orgcounting a packet twice.
18.TP
19\fB\-\-name\fP \fIname\fP
20Assign the counter a specific name. This option must be present, as an empty
21name is not allowed. Names starting with a dot or names containing a slash are
22prohibited.
23.TP
24[\fB!\fP] \fB\-\-quota\fP \fIiq\fP
25Specify the initial quota for this counter. If the counter already exists,
26it is not reset. An "!" may be used to invert the result of the match. The
27negation has no effect when \fB\-\-grow\fP is used.
28.TP
29\fB\-\-packets\fP
30Count packets instead of bytes that passed the quota2 match.
31.PP
32Because counters in quota2 can be shared, you can combine them for various
33purposes, for example, a bytebucket filter that only lets as much traffic go
34out as has come in:
35.PP
36\-A INPUT \-p tcp \-\-dport 6881 \-m quota \-\-name bt \-\-grow;
37\-A OUTPUT \-p tcp \-\-sport 6881 \-m quota \-\-name bt;
38