Implementing a quota using iptables in an openwrt system












0














I would like to explain what I'm currently working on briefly and explain issues I need to address.



We have a device (a TP-link Access Point) that we have our custom linux kernel running (which is a modified OpenWrt OS). In this device we use LUA and shell scripts to enforce certain rules. We use iptables firewall and with some research I've been able to achieve these:




  • Create main iptables chains to keep track of uploaded and downloaded data separately. Note that this accounts cumulative data traffic.


  • Create user specific sub-rules that count Upload/Download because iptables doesn't create necessary rules to account a certain user (by IP) automatically.


  • At some point I noticed that when access point is rebooted, I would lose all iptables chains. I added a script into /etc/init.d to init quota (this would add main iptables chains for accounting traffic.)


  • I noticed I would lose IP-specific sub rules too. To solve this, I used dnsmasq. When dnsmasq leases an IP to a device (whether it being new/old lease), a script creates specific iptables rule so that this user's usage is counted. This was possible thanks to dnsmasq having an option to run a script which is triggered on lease.


  • I've also created two different scripts which creates json files that has IP, Download & Upload (in bytes) in it. These are going to be used in our IOS/Android app to provide user some functionalities such as viewing reports, creating quota and restricting usage etc.



Up to this point, I can keep track of which client downloaded/uploaded how much data. I can restore my iptables rules after a reset and when a device is connected I add it's IP address with relevant iptables rules. However, I have some issues:




  • My computer which I use in the office (Win10/Ubuntu) is connected to AP I am using to test constantly and for some reason unless I manually disconnect, take a static IP, then turn DHCP client on to trigger a DHCP lease from AP, it doesn't trigger my script. This means that after AP is restarted, I have down-time on my traffic accounting for some users.


  • Even if I create main and sub-rules with properly triggered scripts, it still resets the counters. I need to somehow keep my counter going between AP resets, client disconnects etc.


  • iptables AFAIK doesn't support traffic accounting by MAC address by default. I know there are alternatives, such as iptables modules that may achieve that. However, I am supposed to not use any external libaries/packages due to device's limitations. (e.g it has 16 mb flash memory in total)



I am aware I can use crontab to save current usage, reset counters, have timestamps and read logs to have healthy usage statistics. However this means a lot of parsing and I also think this will not be efficient disk usage-wise. We may probably use cloud (which we already use for various reasons) to save logs.



Also about MAC and IP thing, I realized DHCP leases same IP to same device, it probably has something to do with the way it was implemented in the first place. My computer is given 192.168.42.244 every time, for example. The reason I mention that is, I could probably just have a file where I save MAC and IP addresses, periodically test if their iptables rules are up, if not, add rules to ensure they are being accounted. Then, I feel like running a crontab task like every minute would probably not be very efficient.



I think whole these can be achieved properly, I just feel a bit lost when to start accounting effectively (during lease/ on boot/ periodically), also how to distinguish devices (in case a different IP is leased to same device for some reason) and lastly what should I relay on most? arp? dhcp.leases? a client_list file that I maintain myself?



I am also sharing some scripts that I use, for somebody else that works on a similar thing.



This is init_quota, comment is pretty self explanatory:



#!/bin/sh
# this script creates relevant chains to account traffic

iptables -N TRAFFIC_ACCT_IN
iptables -N TRAFFIC_ACCT_OUT
iptables -I FORWARD -i eth0 -j TRAFFIC_ACCT_IN
iptables -I FORWARD -o eth0 -j TRAFFIC_ACCT_OUT


This is /etc/detect_new_device.sh which is triggered on a DHCP lease. (dnsmasq option)
dnsmasq calls this script with arguments seen on comments.
Creates "sub-rules" that I mentioned above. At first I would use "add|old" trigger, but it wasn't consistent, so I made it such that it adds the rule if a rule doesn't currently exist for that specific IP.
I also used this to save mac/ip/device name in a text file for further possible use.
Note that it updates IP of a device (distinguished by MAC address) by removing previous match and adding a new line.



#!/bin/sh                                                                                                                                                                                                   

# This script detects new DHCP lease to trigger relevant iptables command.
#
# $1: add | old
# $2: MAC address
# $3: IP address
# $4: device name

if [ ! -f /root/quota/client_list ] ; then
touch /root/quota/client_list
fi

sed -i "/$2/d" /root/quota/client_list

echo -n "$2 " >> /root/quota/client_list
echo -n "$3 " >> /root/quota/client_list
echo -n "$4 " >> /root/quota/client_list
echo "" >> /root/quota/client_list

iptables -L TRAFFIC_ACCT_IN -n -v -x | grep -q "$3"
chain_exists=$?

if [ "$chain_exists" -ne 0 ]; then
iptables -A TRAFFIC_ACCT_IN --dst "$3"
iptables -A TRAFFIC_ACCT_OUT --src "$3"
fi


I also use this all_usage.sh which lists and formats traffic report into a json file:



#!/bin/sh

iptables -L TRAFFIC_ACCT_IN -v -x -n | awk '$1 ~ /^[0-9]+$/ { printf "%sn", $8}' >> ip_list.txt
ips="/root/quota/ip_list.txt"

rm result.txt
touch result.txt
echo "[ " >> tmp_result.txt

while IFS='' read -r line || [[ -n "$line" ]]; do

ip_add=$line
bytes_down=$(iptables -L TRAFFIC_ACCT_IN -v -x -n | grep $ip_add | awk '$1 ~ /^[0-9]+$/ {printf "%sn", $2}')
bytes_up=$(iptables -L TRAFFIC_ACCT_OUT -v -x -n | grep $ip_add | awk '$1 ~ /^[0-9]+$/ {printf "%sn", $2}')
template='{"ip":"%s","down":"%s","up":"%s"}'
current_string=$(printf "$template" "$ip_add" "$bytes_down" "$bytes_up")
echo "$current_string," >> tmp_result.txt
done < "$ips"

sed '$s/,$//' tmp_result.txt >> result.txt
echo "]" >> result.txt

rm ip_list.txt tmp_result.txt


result.txt looks like this:



[
{"ip":"192.168.42.227","down":"485223","up":"163955"},
{"ip":"192.168.42.191","down":"0","up":"0"},
{"ip":"192.168.42.186","down":"602397","up":"61924"},
{"ip":"192.168.42.210","down":"28323","up":"4987"},
{"ip":"192.168.42.244","down":"420916885","up":"20119892"},
{"ip":"192.168.42.221","down":"0","up":"0"},
{"ip":"192.168.42.197","down":"26812","up":"783"}
]









share|improve this question









New contributor




Bonellia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    0














    I would like to explain what I'm currently working on briefly and explain issues I need to address.



    We have a device (a TP-link Access Point) that we have our custom linux kernel running (which is a modified OpenWrt OS). In this device we use LUA and shell scripts to enforce certain rules. We use iptables firewall and with some research I've been able to achieve these:




    • Create main iptables chains to keep track of uploaded and downloaded data separately. Note that this accounts cumulative data traffic.


    • Create user specific sub-rules that count Upload/Download because iptables doesn't create necessary rules to account a certain user (by IP) automatically.


    • At some point I noticed that when access point is rebooted, I would lose all iptables chains. I added a script into /etc/init.d to init quota (this would add main iptables chains for accounting traffic.)


    • I noticed I would lose IP-specific sub rules too. To solve this, I used dnsmasq. When dnsmasq leases an IP to a device (whether it being new/old lease), a script creates specific iptables rule so that this user's usage is counted. This was possible thanks to dnsmasq having an option to run a script which is triggered on lease.


    • I've also created two different scripts which creates json files that has IP, Download & Upload (in bytes) in it. These are going to be used in our IOS/Android app to provide user some functionalities such as viewing reports, creating quota and restricting usage etc.



    Up to this point, I can keep track of which client downloaded/uploaded how much data. I can restore my iptables rules after a reset and when a device is connected I add it's IP address with relevant iptables rules. However, I have some issues:




    • My computer which I use in the office (Win10/Ubuntu) is connected to AP I am using to test constantly and for some reason unless I manually disconnect, take a static IP, then turn DHCP client on to trigger a DHCP lease from AP, it doesn't trigger my script. This means that after AP is restarted, I have down-time on my traffic accounting for some users.


    • Even if I create main and sub-rules with properly triggered scripts, it still resets the counters. I need to somehow keep my counter going between AP resets, client disconnects etc.


    • iptables AFAIK doesn't support traffic accounting by MAC address by default. I know there are alternatives, such as iptables modules that may achieve that. However, I am supposed to not use any external libaries/packages due to device's limitations. (e.g it has 16 mb flash memory in total)



    I am aware I can use crontab to save current usage, reset counters, have timestamps and read logs to have healthy usage statistics. However this means a lot of parsing and I also think this will not be efficient disk usage-wise. We may probably use cloud (which we already use for various reasons) to save logs.



    Also about MAC and IP thing, I realized DHCP leases same IP to same device, it probably has something to do with the way it was implemented in the first place. My computer is given 192.168.42.244 every time, for example. The reason I mention that is, I could probably just have a file where I save MAC and IP addresses, periodically test if their iptables rules are up, if not, add rules to ensure they are being accounted. Then, I feel like running a crontab task like every minute would probably not be very efficient.



    I think whole these can be achieved properly, I just feel a bit lost when to start accounting effectively (during lease/ on boot/ periodically), also how to distinguish devices (in case a different IP is leased to same device for some reason) and lastly what should I relay on most? arp? dhcp.leases? a client_list file that I maintain myself?



    I am also sharing some scripts that I use, for somebody else that works on a similar thing.



    This is init_quota, comment is pretty self explanatory:



    #!/bin/sh
    # this script creates relevant chains to account traffic

    iptables -N TRAFFIC_ACCT_IN
    iptables -N TRAFFIC_ACCT_OUT
    iptables -I FORWARD -i eth0 -j TRAFFIC_ACCT_IN
    iptables -I FORWARD -o eth0 -j TRAFFIC_ACCT_OUT


    This is /etc/detect_new_device.sh which is triggered on a DHCP lease. (dnsmasq option)
    dnsmasq calls this script with arguments seen on comments.
    Creates "sub-rules" that I mentioned above. At first I would use "add|old" trigger, but it wasn't consistent, so I made it such that it adds the rule if a rule doesn't currently exist for that specific IP.
    I also used this to save mac/ip/device name in a text file for further possible use.
    Note that it updates IP of a device (distinguished by MAC address) by removing previous match and adding a new line.



    #!/bin/sh                                                                                                                                                                                                   

    # This script detects new DHCP lease to trigger relevant iptables command.
    #
    # $1: add | old
    # $2: MAC address
    # $3: IP address
    # $4: device name

    if [ ! -f /root/quota/client_list ] ; then
    touch /root/quota/client_list
    fi

    sed -i "/$2/d" /root/quota/client_list

    echo -n "$2 " >> /root/quota/client_list
    echo -n "$3 " >> /root/quota/client_list
    echo -n "$4 " >> /root/quota/client_list
    echo "" >> /root/quota/client_list

    iptables -L TRAFFIC_ACCT_IN -n -v -x | grep -q "$3"
    chain_exists=$?

    if [ "$chain_exists" -ne 0 ]; then
    iptables -A TRAFFIC_ACCT_IN --dst "$3"
    iptables -A TRAFFIC_ACCT_OUT --src "$3"
    fi


    I also use this all_usage.sh which lists and formats traffic report into a json file:



    #!/bin/sh

    iptables -L TRAFFIC_ACCT_IN -v -x -n | awk '$1 ~ /^[0-9]+$/ { printf "%sn", $8}' >> ip_list.txt
    ips="/root/quota/ip_list.txt"

    rm result.txt
    touch result.txt
    echo "[ " >> tmp_result.txt

    while IFS='' read -r line || [[ -n "$line" ]]; do

    ip_add=$line
    bytes_down=$(iptables -L TRAFFIC_ACCT_IN -v -x -n | grep $ip_add | awk '$1 ~ /^[0-9]+$/ {printf "%sn", $2}')
    bytes_up=$(iptables -L TRAFFIC_ACCT_OUT -v -x -n | grep $ip_add | awk '$1 ~ /^[0-9]+$/ {printf "%sn", $2}')
    template='{"ip":"%s","down":"%s","up":"%s"}'
    current_string=$(printf "$template" "$ip_add" "$bytes_down" "$bytes_up")
    echo "$current_string," >> tmp_result.txt
    done < "$ips"

    sed '$s/,$//' tmp_result.txt >> result.txt
    echo "]" >> result.txt

    rm ip_list.txt tmp_result.txt


    result.txt looks like this:



    [
    {"ip":"192.168.42.227","down":"485223","up":"163955"},
    {"ip":"192.168.42.191","down":"0","up":"0"},
    {"ip":"192.168.42.186","down":"602397","up":"61924"},
    {"ip":"192.168.42.210","down":"28323","up":"4987"},
    {"ip":"192.168.42.244","down":"420916885","up":"20119892"},
    {"ip":"192.168.42.221","down":"0","up":"0"},
    {"ip":"192.168.42.197","down":"26812","up":"783"}
    ]









    share|improve this question









    New contributor




    Bonellia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      0












      0








      0







      I would like to explain what I'm currently working on briefly and explain issues I need to address.



      We have a device (a TP-link Access Point) that we have our custom linux kernel running (which is a modified OpenWrt OS). In this device we use LUA and shell scripts to enforce certain rules. We use iptables firewall and with some research I've been able to achieve these:




      • Create main iptables chains to keep track of uploaded and downloaded data separately. Note that this accounts cumulative data traffic.


      • Create user specific sub-rules that count Upload/Download because iptables doesn't create necessary rules to account a certain user (by IP) automatically.


      • At some point I noticed that when access point is rebooted, I would lose all iptables chains. I added a script into /etc/init.d to init quota (this would add main iptables chains for accounting traffic.)


      • I noticed I would lose IP-specific sub rules too. To solve this, I used dnsmasq. When dnsmasq leases an IP to a device (whether it being new/old lease), a script creates specific iptables rule so that this user's usage is counted. This was possible thanks to dnsmasq having an option to run a script which is triggered on lease.


      • I've also created two different scripts which creates json files that has IP, Download & Upload (in bytes) in it. These are going to be used in our IOS/Android app to provide user some functionalities such as viewing reports, creating quota and restricting usage etc.



      Up to this point, I can keep track of which client downloaded/uploaded how much data. I can restore my iptables rules after a reset and when a device is connected I add it's IP address with relevant iptables rules. However, I have some issues:




      • My computer which I use in the office (Win10/Ubuntu) is connected to AP I am using to test constantly and for some reason unless I manually disconnect, take a static IP, then turn DHCP client on to trigger a DHCP lease from AP, it doesn't trigger my script. This means that after AP is restarted, I have down-time on my traffic accounting for some users.


      • Even if I create main and sub-rules with properly triggered scripts, it still resets the counters. I need to somehow keep my counter going between AP resets, client disconnects etc.


      • iptables AFAIK doesn't support traffic accounting by MAC address by default. I know there are alternatives, such as iptables modules that may achieve that. However, I am supposed to not use any external libaries/packages due to device's limitations. (e.g it has 16 mb flash memory in total)



      I am aware I can use crontab to save current usage, reset counters, have timestamps and read logs to have healthy usage statistics. However this means a lot of parsing and I also think this will not be efficient disk usage-wise. We may probably use cloud (which we already use for various reasons) to save logs.



      Also about MAC and IP thing, I realized DHCP leases same IP to same device, it probably has something to do with the way it was implemented in the first place. My computer is given 192.168.42.244 every time, for example. The reason I mention that is, I could probably just have a file where I save MAC and IP addresses, periodically test if their iptables rules are up, if not, add rules to ensure they are being accounted. Then, I feel like running a crontab task like every minute would probably not be very efficient.



      I think whole these can be achieved properly, I just feel a bit lost when to start accounting effectively (during lease/ on boot/ periodically), also how to distinguish devices (in case a different IP is leased to same device for some reason) and lastly what should I relay on most? arp? dhcp.leases? a client_list file that I maintain myself?



      I am also sharing some scripts that I use, for somebody else that works on a similar thing.



      This is init_quota, comment is pretty self explanatory:



      #!/bin/sh
      # this script creates relevant chains to account traffic

      iptables -N TRAFFIC_ACCT_IN
      iptables -N TRAFFIC_ACCT_OUT
      iptables -I FORWARD -i eth0 -j TRAFFIC_ACCT_IN
      iptables -I FORWARD -o eth0 -j TRAFFIC_ACCT_OUT


      This is /etc/detect_new_device.sh which is triggered on a DHCP lease. (dnsmasq option)
      dnsmasq calls this script with arguments seen on comments.
      Creates "sub-rules" that I mentioned above. At first I would use "add|old" trigger, but it wasn't consistent, so I made it such that it adds the rule if a rule doesn't currently exist for that specific IP.
      I also used this to save mac/ip/device name in a text file for further possible use.
      Note that it updates IP of a device (distinguished by MAC address) by removing previous match and adding a new line.



      #!/bin/sh                                                                                                                                                                                                   

      # This script detects new DHCP lease to trigger relevant iptables command.
      #
      # $1: add | old
      # $2: MAC address
      # $3: IP address
      # $4: device name

      if [ ! -f /root/quota/client_list ] ; then
      touch /root/quota/client_list
      fi

      sed -i "/$2/d" /root/quota/client_list

      echo -n "$2 " >> /root/quota/client_list
      echo -n "$3 " >> /root/quota/client_list
      echo -n "$4 " >> /root/quota/client_list
      echo "" >> /root/quota/client_list

      iptables -L TRAFFIC_ACCT_IN -n -v -x | grep -q "$3"
      chain_exists=$?

      if [ "$chain_exists" -ne 0 ]; then
      iptables -A TRAFFIC_ACCT_IN --dst "$3"
      iptables -A TRAFFIC_ACCT_OUT --src "$3"
      fi


      I also use this all_usage.sh which lists and formats traffic report into a json file:



      #!/bin/sh

      iptables -L TRAFFIC_ACCT_IN -v -x -n | awk '$1 ~ /^[0-9]+$/ { printf "%sn", $8}' >> ip_list.txt
      ips="/root/quota/ip_list.txt"

      rm result.txt
      touch result.txt
      echo "[ " >> tmp_result.txt

      while IFS='' read -r line || [[ -n "$line" ]]; do

      ip_add=$line
      bytes_down=$(iptables -L TRAFFIC_ACCT_IN -v -x -n | grep $ip_add | awk '$1 ~ /^[0-9]+$/ {printf "%sn", $2}')
      bytes_up=$(iptables -L TRAFFIC_ACCT_OUT -v -x -n | grep $ip_add | awk '$1 ~ /^[0-9]+$/ {printf "%sn", $2}')
      template='{"ip":"%s","down":"%s","up":"%s"}'
      current_string=$(printf "$template" "$ip_add" "$bytes_down" "$bytes_up")
      echo "$current_string," >> tmp_result.txt
      done < "$ips"

      sed '$s/,$//' tmp_result.txt >> result.txt
      echo "]" >> result.txt

      rm ip_list.txt tmp_result.txt


      result.txt looks like this:



      [
      {"ip":"192.168.42.227","down":"485223","up":"163955"},
      {"ip":"192.168.42.191","down":"0","up":"0"},
      {"ip":"192.168.42.186","down":"602397","up":"61924"},
      {"ip":"192.168.42.210","down":"28323","up":"4987"},
      {"ip":"192.168.42.244","down":"420916885","up":"20119892"},
      {"ip":"192.168.42.221","down":"0","up":"0"},
      {"ip":"192.168.42.197","down":"26812","up":"783"}
      ]









      share|improve this question









      New contributor




      Bonellia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      I would like to explain what I'm currently working on briefly and explain issues I need to address.



      We have a device (a TP-link Access Point) that we have our custom linux kernel running (which is a modified OpenWrt OS). In this device we use LUA and shell scripts to enforce certain rules. We use iptables firewall and with some research I've been able to achieve these:




      • Create main iptables chains to keep track of uploaded and downloaded data separately. Note that this accounts cumulative data traffic.


      • Create user specific sub-rules that count Upload/Download because iptables doesn't create necessary rules to account a certain user (by IP) automatically.


      • At some point I noticed that when access point is rebooted, I would lose all iptables chains. I added a script into /etc/init.d to init quota (this would add main iptables chains for accounting traffic.)


      • I noticed I would lose IP-specific sub rules too. To solve this, I used dnsmasq. When dnsmasq leases an IP to a device (whether it being new/old lease), a script creates specific iptables rule so that this user's usage is counted. This was possible thanks to dnsmasq having an option to run a script which is triggered on lease.


      • I've also created two different scripts which creates json files that has IP, Download & Upload (in bytes) in it. These are going to be used in our IOS/Android app to provide user some functionalities such as viewing reports, creating quota and restricting usage etc.



      Up to this point, I can keep track of which client downloaded/uploaded how much data. I can restore my iptables rules after a reset and when a device is connected I add it's IP address with relevant iptables rules. However, I have some issues:




      • My computer which I use in the office (Win10/Ubuntu) is connected to AP I am using to test constantly and for some reason unless I manually disconnect, take a static IP, then turn DHCP client on to trigger a DHCP lease from AP, it doesn't trigger my script. This means that after AP is restarted, I have down-time on my traffic accounting for some users.


      • Even if I create main and sub-rules with properly triggered scripts, it still resets the counters. I need to somehow keep my counter going between AP resets, client disconnects etc.


      • iptables AFAIK doesn't support traffic accounting by MAC address by default. I know there are alternatives, such as iptables modules that may achieve that. However, I am supposed to not use any external libaries/packages due to device's limitations. (e.g it has 16 mb flash memory in total)



      I am aware I can use crontab to save current usage, reset counters, have timestamps and read logs to have healthy usage statistics. However this means a lot of parsing and I also think this will not be efficient disk usage-wise. We may probably use cloud (which we already use for various reasons) to save logs.



      Also about MAC and IP thing, I realized DHCP leases same IP to same device, it probably has something to do with the way it was implemented in the first place. My computer is given 192.168.42.244 every time, for example. The reason I mention that is, I could probably just have a file where I save MAC and IP addresses, periodically test if their iptables rules are up, if not, add rules to ensure they are being accounted. Then, I feel like running a crontab task like every minute would probably not be very efficient.



      I think whole these can be achieved properly, I just feel a bit lost when to start accounting effectively (during lease/ on boot/ periodically), also how to distinguish devices (in case a different IP is leased to same device for some reason) and lastly what should I relay on most? arp? dhcp.leases? a client_list file that I maintain myself?



      I am also sharing some scripts that I use, for somebody else that works on a similar thing.



      This is init_quota, comment is pretty self explanatory:



      #!/bin/sh
      # this script creates relevant chains to account traffic

      iptables -N TRAFFIC_ACCT_IN
      iptables -N TRAFFIC_ACCT_OUT
      iptables -I FORWARD -i eth0 -j TRAFFIC_ACCT_IN
      iptables -I FORWARD -o eth0 -j TRAFFIC_ACCT_OUT


      This is /etc/detect_new_device.sh which is triggered on a DHCP lease. (dnsmasq option)
      dnsmasq calls this script with arguments seen on comments.
      Creates "sub-rules" that I mentioned above. At first I would use "add|old" trigger, but it wasn't consistent, so I made it such that it adds the rule if a rule doesn't currently exist for that specific IP.
      I also used this to save mac/ip/device name in a text file for further possible use.
      Note that it updates IP of a device (distinguished by MAC address) by removing previous match and adding a new line.



      #!/bin/sh                                                                                                                                                                                                   

      # This script detects new DHCP lease to trigger relevant iptables command.
      #
      # $1: add | old
      # $2: MAC address
      # $3: IP address
      # $4: device name

      if [ ! -f /root/quota/client_list ] ; then
      touch /root/quota/client_list
      fi

      sed -i "/$2/d" /root/quota/client_list

      echo -n "$2 " >> /root/quota/client_list
      echo -n "$3 " >> /root/quota/client_list
      echo -n "$4 " >> /root/quota/client_list
      echo "" >> /root/quota/client_list

      iptables -L TRAFFIC_ACCT_IN -n -v -x | grep -q "$3"
      chain_exists=$?

      if [ "$chain_exists" -ne 0 ]; then
      iptables -A TRAFFIC_ACCT_IN --dst "$3"
      iptables -A TRAFFIC_ACCT_OUT --src "$3"
      fi


      I also use this all_usage.sh which lists and formats traffic report into a json file:



      #!/bin/sh

      iptables -L TRAFFIC_ACCT_IN -v -x -n | awk '$1 ~ /^[0-9]+$/ { printf "%sn", $8}' >> ip_list.txt
      ips="/root/quota/ip_list.txt"

      rm result.txt
      touch result.txt
      echo "[ " >> tmp_result.txt

      while IFS='' read -r line || [[ -n "$line" ]]; do

      ip_add=$line
      bytes_down=$(iptables -L TRAFFIC_ACCT_IN -v -x -n | grep $ip_add | awk '$1 ~ /^[0-9]+$/ {printf "%sn", $2}')
      bytes_up=$(iptables -L TRAFFIC_ACCT_OUT -v -x -n | grep $ip_add | awk '$1 ~ /^[0-9]+$/ {printf "%sn", $2}')
      template='{"ip":"%s","down":"%s","up":"%s"}'
      current_string=$(printf "$template" "$ip_add" "$bytes_down" "$bytes_up")
      echo "$current_string," >> tmp_result.txt
      done < "$ips"

      sed '$s/,$//' tmp_result.txt >> result.txt
      echo "]" >> result.txt

      rm ip_list.txt tmp_result.txt


      result.txt looks like this:



      [
      {"ip":"192.168.42.227","down":"485223","up":"163955"},
      {"ip":"192.168.42.191","down":"0","up":"0"},
      {"ip":"192.168.42.186","down":"602397","up":"61924"},
      {"ip":"192.168.42.210","down":"28323","up":"4987"},
      {"ip":"192.168.42.244","down":"420916885","up":"20119892"},
      {"ip":"192.168.42.221","down":"0","up":"0"},
      {"ip":"192.168.42.197","down":"26812","up":"783"}
      ]






      shell-script iptables dhcp openwrt dnsmasq






      share|improve this question









      New contributor




      Bonellia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      Bonellia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited yesterday









      Rui F Ribeiro

      39.2k1479130




      39.2k1479130






      New contributor




      Bonellia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked yesterday









      Bonellia

      12




      12




      New contributor




      Bonellia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Bonellia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Bonellia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          0






          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "106"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          Bonellia is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f492463%2fimplementing-a-quota-using-iptables-in-an-openwrt-system%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          Bonellia is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          Bonellia is a new contributor. Be nice, and check out our Code of Conduct.













          Bonellia is a new contributor. Be nice, and check out our Code of Conduct.












          Bonellia is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f492463%2fimplementing-a-quota-using-iptables-in-an-openwrt-system%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          How to make a Squid Proxy server?

          Is this a new Fibonacci Identity?

          19世紀