> See "man iptables-extensions" and "man iptables". I don't know how this
> works with firewall-cmd, but I imagine firewalld "just" manages
> iptables?
Yes, that's right.
>>>> I am running CentOS Linux release 7.9.2009 (Core). Is there a way to
>>>> find out which process consumed network bandwidth during a specific
>>>> time period?
>>>>
>>>> For example, the Nginx process consumed how much network traffic on
>>>> Sept 01, 2021.
>>> As far as I know, such accounting isn't done in a standard CentOS
>>> system, so there's no way to determine such information about a past
>>> event.
>
> While you probably can't recover such information for past events,
> going forward, iptables can help you figure this out. Putting an
> IPtables rule in the OUTPUT table prior to ACCEPTing the packets can
> help, e.g.:
>
> iptables -A OUTPUT -p tcp -m owner --uid-owner nginx -j ACCEPT
>
> because now "iptables -L" will display a count of the packets that
> matched each rule and the number of bytes. By comparing with the total
> packets and bytes for a given time period, you can work out the share
> for nginx. You can also estimate packet and byte counts by IP and port
> using this method. You could run an hourly cronjob to log the stats.
That is a nice solution! Why add a new OUTPUT rule rather than looking at
the existing port rule:
# iptables -v -L | grep https
xxx yyy ACCEPT tcp -- any any anywhere anywhere
tcp dpt:https ctstate NEW,UNTRACKED
xxx is the number of packets, yyy the number of bytes. If adding an OUTPUT
rule, what is gained?
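The hourly-cron logging suggested above, written out as an added example (editor's code, not something posted in this thread). It assumes the owner-match rule and a bare counting rule are tagged with `-m comment` so a parser can find them by name, that nginx's UID is 997, and that the `iptables -nvx -L OUTPUT` output is the constructed sample below rather than a live call, so it runs without root. The per-rule counters only appear with `-v` (`-x` gives exact bytes instead of 75M-style abbreviations), they are cumulative since the rule was loaded, and they are zeroed by `iptables -Z`, a firewalld reload or a reboot, so the script logs raw values and checks for a reset before subtracting. On CentOS 7 with firewalld active, rules added by hand with `iptables` vanish at the next reload; add them with `firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 ...` followed by `firewall-cmd --reload` instead.

```shell
#!/bin/sh
# Added example, not code from the thread: log the iptables counters of an
# owner-match rule hourly and work out nginx's share of outbound bytes for a
# period. The rule tags, UID 997 and the sample counters are constructed.
#
# Assumed one-off setup as root, inserted at the top of OUTPUT so that no
# earlier ACCEPT swallows the packets first (a rule placed after a matching
# terminating rule never sees them and counts nothing):
#   iptables -I OUTPUT 1 -p tcp -m owner --uid-owner nginx \
#            -m comment --comment nginx-out -j ACCEPT
#   iptables -I OUTPUT 1 -m comment --comment total-out   # no -j: counts every packet, accepts nothing
# The comment match tags each rule so the parser finds it by name instead of
# guessing at column positions.

# rule_counters TAG: read `iptables -nvx -L OUTPUT` output on stdin and print
# "pkts bytes" of the rule carrying the comment /* TAG */.
rule_counters() {
    awk -v tag="/* $1 */" 'index($0, tag) && $1 ~ /^[0-9]+$/ { print $1, $2; exit }'
}

# snapshot [EPOCH]: read the iptables output on stdin and emit one log line
# "epoch nginx_pkts nginx_bytes total_pkts total_bytes". Counters are cumulative,
# so the log keeps raw values and deltas are taken later.
snapshot() {
    data=$(cat)
    now=${1:-$(date +%s)}
    ng=$(printf '%s\n' "$data" | rule_counters nginx-out)
    tot=$(printf '%s\n' "$data" | rule_counters total-out)
    printf '%s %s %s\n' "$now" "$ng" "$tot"
}

# share LOG FROM TO: bytes nginx sent between the last snapshot taken at or
# before FROM and the last one at or before TO, as a share of all outbound
# bytes. A later counter smaller than an earlier one means the counters were
# zeroed in between (iptables -Z, a firewalld reload, a reboot); report that
# instead of a bogus negative figure.
share() {
    awk -v from="$2" -v to="$3" '
        $1 <= from { a_ng = $3; a_tot = $5; have_a = 1 }
        $1 <= to   { b_ng = $3; b_tot = $5; have_b = 1 }
        END {
            if (!have_a || !have_b) { print "no snapshot covers the requested window"; exit 1 }
            if (b_ng < a_ng || b_tot < a_tot) { print "counters were reset inside the window"; exit 1 }
            dn = b_ng - a_ng; dt = b_tot - a_tot
            printf "nginx %d bytes of %d total (%.1f%%)\n", dn, dt, (dt ? 100 * dn / dt : 0)
        }' "$1"
}

# Constructed `iptables -nvx -L OUTPUT` output as it might look at midnight
# on 2021-09-01 and 2021-09-02 (UTC); the first rule is the bare counter.
SAMPLE_A='Chain OUTPUT (policy ACCEPT 1810 packets, 233120 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   90210   80112345            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* total-out */
   61337   75000000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 997 /* nginx-out */'
SAMPLE_B='Chain OUTPUT (policy ACCEPT 1930 packets, 250000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  100000  100112345            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* total-out */
   70000   90000000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 997 /* nginx-out */'

# Demo: two cron-style snapshots a day apart, then nginx's share for Sept 1.
# In production the cron line is:  iptables -nvx -L OUTPUT | snapshot >> /var/log/nginx-bytes.log
LOG=$(mktemp)
printf '%s\n' "$SAMPLE_A" | snapshot 1630454400 >> "$LOG"
printf '%s\n' "$SAMPLE_B" | snapshot 1630540800 >> "$LOG"
share "$LOG" 1630454400 1630540800
rm -f "$LOG"
```

Two caveats worth keeping in mind when reading the numbers. The owner match is only valid in OUTPUT and POSTROUTING, so this counts the bytes nginx sends (responses, upstream requests), not the bytes it receives; inbound request bytes would need a separate INPUT rule selected by destination port. And on CentOS 7 the nginx master runs as root while the workers run as the nginx user, so the worker traffic is what the rule counts. The existing `dpt:https ... ctstate NEW,UNTRACKED` INPUT rule, by contrast, matches only the packets that open a connection, so its byte counter says nothing about how much data was transferred.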