Hi all: I want to monitor how much traffic a rule generates. I have a ntp server running behind shorewall and I want to know how much traffic it generates. UDP 123 forwarded to 192.168.1.2 which is the ntp server. Is it as simple as looking at the pkts and bytes columns like this: munin:~# shorewall show net2loc | grep udp 3425K 260M ACCEPT udp -- * * 0.0.0.0/0 192.168.1.2 udp dpt:123 /* NTP */ munin:~# Does this include all traffic passing through the fw to the internal machine? That is incoming and outgoing packets? Or is shorewall-accounting required to get the accurate output of the actual packet and bytes count? Shorewall 4.5.21.9. My fw have two interfaces: Eth0 is the external nic - connected to the Internet. Eth1 is the loc zone where the ntp server is located. Thanks, -Øyvind ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech