1*a71a9546SAutomerger Merge WorkerThe "quota2" implements a named counter which can be increased or decreased 2*a71a9546SAutomerger Merge Workeron a per-match basis. Available modes are packet counting or byte counting. 3*a71a9546SAutomerger Merge WorkerThe value of the counter can be read and reset through procfs, thereby making 4*a71a9546SAutomerger Merge Workerthis match a minimalist accounting tool. 5*a71a9546SAutomerger Merge Worker.PP 6*a71a9546SAutomerger Merge WorkerWhen counting down from the initial quota, the counter will stop at 0 and 7*a71a9546SAutomerger Merge Workerthe match will return false, just like the original "quota" match. In growing 8*a71a9546SAutomerger Merge Worker(upcounting) mode, it will always return true. 9*a71a9546SAutomerger Merge Worker.TP 10*a71a9546SAutomerger Merge Worker\fB\-\-grow\fP 11*a71a9546SAutomerger Merge WorkerCount upwards instead of downwards. 12*a71a9546SAutomerger Merge Worker.TP 13*a71a9546SAutomerger Merge Worker\fB\-\-no\-change\fP 14*a71a9546SAutomerger Merge WorkerMakes it so the counter or quota amount is never changed by packets matching 15*a71a9546SAutomerger Merge Workerthis rule. This is only really useful in "quota" mode, as it will allow you to 16*a71a9546SAutomerger Merge Workeruse complex prerouting rules in association with the quota system, without 17*a71a9546SAutomerger Merge Workercounting a packet twice. 18*a71a9546SAutomerger Merge Worker.TP 19*a71a9546SAutomerger Merge Worker\fB\-\-name\fP \fIname\fP 20*a71a9546SAutomerger Merge WorkerAssign the counter a specific name. This option must be present, as an empty 21*a71a9546SAutomerger Merge Workername is not allowed. Names starting with a dot or names containing a slash are 22*a71a9546SAutomerger Merge Workerprohibited. 23*a71a9546SAutomerger Merge Worker.TP 24*a71a9546SAutomerger Merge Worker[\fB!\fP] \fB\-\-quota\fP \fIiq\fP 25*a71a9546SAutomerger Merge WorkerSpecify the initial quota for this counter. If the counter already exists, 26*a71a9546SAutomerger Merge Workerit is not reset. An "!" may be used to invert the result of the match. The 27*a71a9546SAutomerger Merge Workernegation has no effect when \fB\-\-grow\fP is used. 28*a71a9546SAutomerger Merge Worker.TP 29*a71a9546SAutomerger Merge Worker\fB\-\-packets\fP 30*a71a9546SAutomerger Merge WorkerCount packets instead of bytes that passed the quota2 match. 31*a71a9546SAutomerger Merge Worker.PP 32*a71a9546SAutomerger Merge WorkerBecause counters in quota2 can be shared, you can combine them for various 33*a71a9546SAutomerger Merge Workerpurposes, for example, a bytebucket filter that only lets as much traffic go 34*a71a9546SAutomerger Merge Workerout as has come in: 35*a71a9546SAutomerger Merge Worker.PP 36*a71a9546SAutomerger Merge Worker\-A INPUT \-p tcp \-\-dport 6881 \-m quota \-\-name bt \-\-grow; 37*a71a9546SAutomerger Merge Worker\-A OUTPUT \-p tcp \-\-sport 6881 \-m quota \-\-name bt; 38