## Tracking Traffic with `iptables` on a Router
### Goal
Measure how much data internal servers send to (and receive from) the internet, using `iptables`, with no extra software required.
---
### How It Works
`iptables` is the Linux firewall. Besides filtering, it tracks:
- **Packet counts**
- **Byte totals**
We use it to count traffic **per internal IP**, like so:
```bash
iptables -A FORWARD -s 192.168.1.10 -j ACCEPT
```
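This tracks **all traffic from 192.168.1.10** going out through the router. Because `-A` appends the rule to the end of `FORWARD`, it only counts packets that no earlier rule has already accepted or dropped, and its `ACCEPT` target also lets that traffic through.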
To see totals:
```bash
iptables -L FORWARD -v -n -x
```
You'll get output like:
```
pkts bytes target prot opt in out source destination
1000 500000 ACCEPT all -- * * 192.168.1.10 0.0.0.0/0
```
Repeat for each internal server IP.
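
The script below is an added example, not part of the original note: it parses the `iptables -L FORWARD -v -n -x` listing and totals bytes sent and received per internal IP. It goes slightly beyond the rules shown above by assuming matching `-d` rules for inbound traffic and rules with no `-j` target (which count packets without affecting them); the function names and the sample listing are constructed for illustration.

```bash
#!/bin/sh
# Added example: turn `iptables -L FORWARD -v -n -x` output into per-host totals.

# Constructed sample listing (not captured from a real router). The last two
# rules have no -j target, so their "target" column is blank.
sample_listing() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1000   500000 ACCEPT     all  --  *      *       192.168.1.10         0.0.0.0/0
    2400  3100000 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.10
      12      840            all  --  *      *       192.168.1.11         0.0.0.0/0
      30    45000            all  --  *      *       0.0.0.0/0            192.168.1.11
EOF
}

# host_totals HOST...   (listing on stdin)
# Prints "HOST sent_bytes received_bytes" for each HOST, in argument order.
# Assumes rules match only on -s/-d, so source and destination are the last
# two fields; indexing from the end tolerates a blank target column.
host_totals() {
    awk -v hosts="$*" '
        BEGIN { n = split(hosts, want, " ") }
        # Rule lines start with two integers: pkts and bytes.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && NF >= 8 {
            sent[$(NF-1)] += $2    # host is the source: outbound bytes
            rcvd[$NF]     += $2    # host is the destination: inbound bytes
        }
        END {
            # %.0f instead of %d so counters above 2 GiB print correctly
            for (i = 1; i <= n; i++)
                printf "%s %.0f %.0f\n", want[i], sent[want[i]], rcvd[want[i]]
        }'
}

# Demo on the constructed sample. On a router, pipe the real command in:
#   iptables -L FORWARD -v -n -x | host_totals 192.168.1.10 192.168.1.11
sample_listing | host_totals 192.168.1.10 192.168.1.11
```

A host with no matching rule is reported with zero bytes in both directions, which makes a missing or unreachable counting rule easy to spot.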
---
### Router Type
| Router Type | Supports iptables? | Realistic Use |
|-------------|--------------------|----------------|
| OpenWRT/DD-WRT | Yes | Great fit |
| pfSense/OPNsense | No (uses pf, not iptables) | Use traffic shapers instead |
| Consumer router | Usually not | Flash OpenWRT if possible |
| Linux box as router | Yes | Ideal setup |
### Resetting Counts
If you want to measure in time blocks (hourly, daily, etc.):
```bash
iptables -Z
```
That resets counters without deleting rules.
---
### Stopping or Cleaning Up
To remove a rule:
```bash
iptables -D FORWARD -s 192.168.1.10 -j ACCEPT
```
To flush all rules (be careful!):
```bash
iptables -F
```
---
### Limitations
- Tracks IPs, not domain names
- Doesn't split by protocol or app
- Won't see traffic not routed through this device (e.g., same-subnet)
---
### Bonus: Persist Across Reboot
Add the rules to `/etc/rc.local` or a startup script, or save them with `iptables-save`, depending on your system.