===================================================================
RCS file: /home/cvsd/home/cvs/scripts/shell/firewall/fw-universal.sh,v
retrieving revision 2.31
retrieving revision 2.32
diff -u -p -r2.31 -r2.32
--- scripts/shell/firewall/fw-universal.sh 2006/01/05 18:14:57 2.31
+++ scripts/shell/firewall/fw-universal.sh 2006/01/09 00:52:06 2.32
@@ -655,9 +655,39 @@ log_forward_drop()
 } # }}}
+do_ip_accounting()
+{ # {{{
+
+ if [ ! "x$DO_LOCAL_IP_ACCOUNTING" = "xno" ]; then
+ if [ ! -z "$NAT_LAN_IFACE" ]; then
+ IPACCT_IN_NAME="IPACCT_IN"
+ IPACCT_OUT_NAME="IPACCT_OUT"
+ $IPTABLES -N $IPACCT_IN_NAME # download: from server to client
+ $IPTABLES -N $IPACCT_OUT_NAME # upload: from client to server
+
+ ip="IP_$NAT_SUBNET_IFACE";
+ netmask="Mask_$NAT_SUBNET_IFACE"
+ localnet="${!ip}/${!netmask}"
+
+ $IPTABLES -A FORWARD -i $NAT_LAN_IFACE -d $localnet -j $IPACCT_IN_NAME
+ $IPTABLES -A FORWARD -o $NAT_LAN_IFACE -s $localnet -j $IPACCT_OUT_NAME
+
+ for client_ip in $IP_ACCT_CLIENTS; do
+ $IPTABLES -A $IPACCT_IN_NAME -d $client_ip -j RETURN
+ $IPTABLES -A $IPACCT_OUT_NAME -s $client_ip -j RETURN
+ done
+
+ $IPTABLES -A $IPACCT_IN_NAME -j RETURN
+ $IPTABLES -A $IPACCT_OUT_NAME -j RETURN
+
+ fi
+ fi
+
+} # }}}
+
 accept_related()
 { # {{{
-
+
 echo -en "Accepting ESTABLISHED, RELATED packets for IP:"
 for iface in $INTERFACES; do
 ip="IP_$iface";
@@ -824,6 +854,7 @@ case "$1" in
 mangle_output
 log_new_connections
 drop_output
+ do_ip_accounting
 allow_input
 allow_output
 allow_icmp
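Review bot: The guard in `do_ip_accounting` tests `$NAT_LAN_IFACE`, but `localnet` is built from `NAT_SUBNET_IFACE`, which is never checked; if that variable (or the `IP_…`/`Mask_…` values it points to) is empty, `localnet` becomes `/` and both `-A FORWARD` rules fail while the script carries on, leaving accounting silently absent. Test both, e.g. `if [ -n "$NAT_LAN_IFACE" ] && [ -n "$NAT_SUBNET_IFACE" ]; then`, and quote the expansions handed to iptables (`-d "$localnet"`, `-d "$client_ip"`). Note also that the outer test enables accounting whenever `DO_LOCAL_IP_ACCOUNTING` is anything other than `no`, including unset, and that `-N` returns an error if the chains already exist; whether an earlier flush or delete of user chains covers that on restart is not visible in this hunk.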
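Review bot: The call is placed after `drop_output` and the accounting jumps are appended with `-A FORWARD`, so any terminal FORWARD rule installed earlier in this sequence would keep matching packets from ever reaching `IPACCT_IN`/`IPACCT_OUT`, and the counters would under-report without any error. The functions listed before it are not visible here, so this needs confirming; if any of them add ACCEPT or DROP rules to FORWARD, either move `do_ip_accounting` ahead of them or insert the jumps at the head of the chain with `-I FORWARD 1`. A one-line comment at the call site such as `# must run before any terminal FORWARD rule` would document the constraint. The enclosing `case` arm starts and ends outside the hunk.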