On Sun, 2019-11-10 at 19:37 +0000, Brian wrote:
> On Sun 10 Nov 2019 at 10:26:17 -0800, Kushal Kumaran wrote:
>
> [...]
> > One thing you could try is to examine the iptables rule counters
> > daily/weekly. If the counters do not increase during some interval,
> > then the rule is no longer useful to you, so you could delete it. This
> > should be fairly straightforward to automate, but I don't know if
> > someone has already built this tooling.
>
> I hardly use iptables, so this is the first I have heard about rule
> counters. I'll work something out to accommodate it.

And you can zero all the counters with "/sbin/iptables -Z" (or zero
individual rule counters if you want).

-- 
Tixy
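The counter check discussed in this thread, as an added example that is not part of the original messages: a shell function that reads `iptables-save -c` output and lists the rules whose packet counter is still zero. The function names `unused_rules` and `sample_ruleset` and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Workflow from the thread: zero the counters (/sbin/iptables -Z), wait a
# day or a week, then list the rules that never matched a packet.
# Counters also restart from zero when the ruleset is reloaded without saved
# counters, so the observation interval must not span such a reload.

# unused_rules: read `iptables-save -c` output on stdin and print one line
# per rule with a zero packet counter, as "table<TAB>rule".
unused_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }         # "*filter" opens a table
        /^\[[0-9]+:[0-9]+\] -A / {                    # "[pkts:bytes] -A CHAIN ..."
            split(substr($1, 2), c, ":")              # c[1] = packet count
            if (c[1] + 0 == 0) {
                rule = $0
                sub(/^\[[0-9]+:[0-9]+\] /, "", rule)  # drop the counter prefix
                printf "%s\t%s\n", table, rule
            }
        }
    '
}

# Constructed sample in `iptables-save -c` format (not from a real host).
sample_ruleset() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5301:702113]
[48211:39120544] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[310:18600] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[0:0] -A INPUT -s 192.0.2.15/32 -p udp -m udp --dport 5060 -j ACCEPT
COMMIT
EOF
}

# Demo on the sample; on a live system run as root: iptables-save -c | unused_rules
sample_ruleset | unused_rules
```

A zero counter only shows that nothing matched during the interval; rules for rare events (a yearly job, a failover path) need a longer observation window before deletion.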

