10.4. Resetting the Counters

The IP accounting counters will overflow if you leave them long enough. If they overflow, you will have difficulty determining the value they actually represent. To avoid this problem, you should read the accounting data periodically, record it, and then reset the counters back to zero to begin collecting accounting information for the next accounting interval.

The ipfwadm and ipchains commands provide you with a means of doing this quite simply:

# ipfwadm -A -z
or:
# ipchains -Z
or:
# iptables -Z
You can even combine the list and zeroing actions together to ensure that no accounting data is lost in between:
# ipfwadm -A -l -z
or:
# ipchains -L -Z
or:
# iptables -L -Z -v
These commands will first list the accounting data and then immediately zero the counters and begin counting again. If you are interested in collecting and using this information regularly, you would probably want to put this command into a script that recorded the output and stored it somewhere, and execute the script periodically using the cron command.