
I create a chain and immediately want to add rules to it, but for some reason they are not added. When I list the chain with iptables -L <chain-name>, only its empty body is printed, and the reference count ("links" to it) is also 0. My code:

run_command(f"iptables -N {chain_name}")
run_command(f"iptables -I {chain_name} -p tcp --dport {port} -j {chain_name} -m quota --quota {LIMIT}")
run_command(f"iptables -I {chain_name} -p udp --dport {port} -j {chain_name} -m quota --quota {LIMIT}")
run_command(f"iptables -I {chain_name} -p tcp --sport {port} -j {chain_name} -m quota --quota {LIMIT}")
run_command(f"iptables -I {chain_name} -p udp --sport {port} -j {chain_name} -m quota --quota {LIMIT}")

I've upgraded the code, now the rules are added to my chain, but they don't count the number of bytes:

import subprocess

def run_command(command, ignore_error=False):
    # Runs one iptables invocation through the shell; check=True turns a
    # non-zero exit status into CalledProcessError so failures are visible.
    try:
        subprocess.run(command, shell=True, check=True)
    except subprocess.CalledProcessError as e:
        if not ignore_error:
            print(f"Error running command '{command}': {e}")

run_command(f"iptables -N {chain_name}")
run_command(f"iptables -I {chain_name} -p tcp --dport {port} -j ACCEPT -m quota --quota {LIMIT}")
run_command(f"iptables -I {chain_name} -p udp --dport {port} -j ACCEPT -m quota --quota {LIMIT}")
run_command(f"iptables -I {chain_name} -p tcp --sport {port} -j ACCEPT -m quota --quota {LIMIT}")
run_command(f"iptables -I {chain_name} -p udp --sport {port} -j ACCEPT -m quota --quota {LIMIT}")

Chain output:

root@swiftlyvpn:~# iptables -L SHADOWSOCKS_10000 -n -v -x | grep ':10000 '
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:10000 quota: 107374182400 bytes
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:10000 quota: 107374182400 bytes
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10000 quota: 107374182400 bytes
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10000 quota: 107374182400 bytes
  • Looks like you're using a wrapper function, is it in python, bash or something else ?
    – ramius
    Commented May 31 at 10:23
  • This is python, I just need to insert these rules into the chain. Please tell me what is wrong with my commands? I insert {chain_name} after -I to insert the rule into the chain. At the end, I use {chain_name} to create a quota.
    – EgasVegas
    Commented May 31 at 10:58
  • It's in python that I use BASH commands to paste into the console*
    – EgasVegas
    Commented May 31 at 11:06
  • 2
    This question would be easier to answer with a minimal, reproducible example. For all we know, the implementation of your run_command function may be faulty. Maybe it doesn't actually run commands! Show us code that we can run ourselves to reproduce the behavior you're asking about.
    – larsks
    Commented May 31 at 11:35
  • I changed the entry. Provided more code. I changed the commands, now they add rules to the chain, but the byte counter does not work. That is, previously, both incoming and outgoing traffic was taken into account. Now the number of bytes is always 0. I understand that you need to set up chains to count incoming and outgoing traffic, but how?
    – EgasVegas
    Commented May 31 at 13:46
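The counters in the listing stay at 0 because a user-defined chain is only traversed when a rule in a built-in chain (INPUT or OUTPUT for traffic terminated locally, FORWARD for routed traffic) jumps to it; a chain listed with "(0 references)" never sees a packet. The following is an added example, not the asker's code: it builds the chain plus the two missing jump rules as argv lists (no shell quoting), and it parses `iptables -L <chain> -n -v -x` output so the reference count and the per-direction byte totals can be read programmatically. CHAIN_NAME, PORT and LIMIT are placeholders for the asker's variables, the function names are hypothetical, and the listing embedded at the bottom is constructed from the question's column layout with made-up counters so the parser runs offline.

```python
import re
import subprocess
from dataclasses import dataclass
from typing import Optional

# Placeholders standing in for the asker's chain_name / port / LIMIT variables.
CHAIN_NAME = "SHADOWSOCKS_10000"
PORT = 10000
LIMIT = 100 * 1024 ** 3  # 107374182400 bytes, the quota shown in the listing


def build_accounting_commands(chain_name: str, port: int, limit_bytes: int) -> list[list[str]]:
    """iptables invocations (argv lists) that create a per-port accounting chain
    and hook it from INPUT and OUTPUT. Without the two jump rules at the end no
    packet ever enters the chain and its counters never move."""
    cmds = [["iptables", "-N", chain_name]]
    for proto in ("tcp", "udp"):
        # --dport: traffic arriving at the port; --sport: traffic leaving it
        for flag in ("--dport", "--sport"):
            cmds.append(["iptables", "-A", chain_name, "-p", proto, flag, str(port),
                         "-m", "quota", "--quota", str(limit_bytes), "-j", "ACCEPT"])
    # -I places the jump first so an earlier ACCEPT cannot bypass the accounting.
    cmds.append(["iptables", "-I", "INPUT", "-j", chain_name])
    cmds.append(["iptables", "-I", "OUTPUT", "-j", chain_name])
    return cmds


def apply_commands(cmds: list[list[str]]) -> None:
    """Run each invocation; check=True raises on failure instead of hiding it."""
    for cmd in cmds:
        subprocess.run(cmd, check=True)


# Columns of `iptables -L -n -v -x`: pkts bytes target prot opt in out source destination [options]
COUNTER_LINE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<target>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<opt>\S+)\s+(?P<in>\S+)\s+(?P<out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<rest>.*)$"
)
CHAIN_HEADER = re.compile(r"^Chain (?P<name>\S+) \((?P<refs>\d+) references?\)", re.MULTILINE)


@dataclass
class RuleCounter:
    packets: int
    byte_count: int
    proto: str
    direction: str  # "in" = packets to the port (dpt), "out" = packets from it (spt)
    port: int
    quota: Optional[int]


def chain_references(listing: str) -> Optional[int]:
    """Number of rules jumping to the listed chain; 0 means it is unreachable."""
    m = CHAIN_HEADER.search(listing)
    return int(m.group("refs")) if m else None


def parse_counters(listing: str) -> list[RuleCounter]:
    """Turn `iptables -L <chain> -n -v -x` output into per-rule counters."""
    rules = []
    for line in listing.splitlines():
        m = COUNTER_LINE.match(line)
        if not m:
            continue  # chain header and column header lines
        rest = m.group("rest")
        port_m = re.search(r"\b(spt|dpt):(\d+)", rest)
        if not port_m:
            continue  # rule without a port match, e.g. a plain jump
        quota_m = re.search(r"quota:\s*(\d+)\s+bytes", rest)
        rules.append(RuleCounter(
            packets=int(m.group("pkts")), byte_count=int(m.group("bytes")),
            proto=m.group("proto"),
            direction="in" if port_m.group(1) == "dpt" else "out",
            port=int(port_m.group(2)),
            quota=int(quota_m.group(1)) if quota_m else None,
        ))
    return rules


def byte_totals(rules: list[RuleCounter]) -> dict[str, int]:
    """Sum the byte counters per direction across tcp and udp rules."""
    totals = {"in": 0, "out": 0}
    for r in rules:
        totals[r.direction] += r.byte_count
    return totals


def read_chain(chain_name: str) -> str:
    """Live listing with exact (-x) counters and numeric (-n) addresses."""
    return subprocess.run(["iptables", "-L", chain_name, "-n", "-v", "-x"],
                          check=True, capture_output=True, text=True).stdout


# Constructed sample listing: same layout as the question's output, with a header
# line and non-zero counters so the parser can be exercised without root.
SAMPLE_LISTING = """\
Chain SHADOWSOCKS_10000 (2 references)
    pkts      bytes target     prot opt in     out     source               destination
      12      8400 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:10000 quota: 107374182400 bytes
     300    412000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:10000 quota: 107374182400 bytes
       7      1050 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10000 quota: 107374182400 bytes
     250     33000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10000 quota: 107374182400 bytes
"""

if __name__ == "__main__":
    for cmd in build_accounting_commands(CHAIN_NAME, PORT, LIMIT):
        print(" ".join(cmd))
    print("references:", chain_references(SAMPLE_LISTING))
    print(byte_totals(parse_counters(SAMPLE_LISTING)))
```

Two caveats on the quota match: the byte counters on each ACCEPT rule only advance while the rule matches, and `-m quota` stops matching once its budget is spent, so after that point the packets fall off the end of the chain and continue in INPUT/OUTPUT unless a later rule handles them; and placing the jump first with `-I` means existing ACCEPT rules further down no longer short-circuit the accounting.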
