.PP
The "quota2" match implements a named counter which can be increased or decreased
on a per-match basis. Available modes are packet counting or byte counting.
The value of the counter can be read and reset through procfs, thereby making
this match a minimalist accounting tool.
.PP
When counting down from the initial quota, the counter will stop at 0 and
the match will return false, just like the original "quota" match. In growing
(upcounting) mode, it will always return true.
.TP
\fB\-\-grow\fP
Count upwards instead of downwards.
.TP
\fB\-\-no\-change\fP
Makes it so the counter or quota amount is never changed by packets matching
this rule. This is only really useful in "quota" mode, as it will allow you to
use complex prerouting rules in association with the quota system, without
counting a packet twice.
.TP
\fB\-\-name\fP \fIname\fP
Assign the counter a specific name. This option must be present, as an empty
name is not allowed. Names starting with a dot or names containing a slash are
prohibited.
.TP
[\fB!\fP] \fB\-\-quota\fP \fIiq\fP
Specify the initial quota for this counter. If the counter already exists,
it is not reset. An "!" may be used to invert the result of the match. The
negation has no effect when \fB\-\-grow\fP is used.
.TP
\fB\-\-packets\fP
Count packets instead of bytes that passed the quota2 match.
.PP
Because counters in quota2 can be shared, you can combine them for various
purposes, for example, a bytebucket filter that only lets as much traffic go
out as has come in:
.PP
\-A INPUT \-p tcp \-\-dport 6881 \-m quota2 \-\-name bt \-\-grow;
\-A OUTPUT \-p tcp \-\-sport 6881 \-m quota2 \-\-name bt;
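.PP
An added example, not part of the original manual page or the xtables-addons code: a small Python model of the match semantics described above, run over constructed packet events for the bytebucket rules. The class and function names are hypothetical, and treating a packet larger than the remaining quota as exhausting the counter is an assumption of this model.

```python
"""Model of the quota2 match semantics described above (not the kernel code)."""

counters = {}  # shared named counters, keyed by --name


class Quota2:
    def __init__(self, name, quota=0, grow=False, no_change=False,
                 packets=False, invert=False):
        # Name rules from the page: not empty, no leading dot, no slash.
        if not name or name.startswith(".") or "/" in name:
            raise ValueError("invalid counter name: %r" % name)
        self.name, self.grow, self.no_change = name, grow, no_change
        self.packets, self.invert = packets, invert
        counters.setdefault(name, quota)  # an existing counter is not reset

    def match(self, pkt_len):
        cost = 1 if self.packets else pkt_len  # --packets counts 1 per packet
        if self.grow:
            if not self.no_change:
                counters[self.name] += cost
            return True  # always true; "!" has no effect with --grow
        if counters[self.name] >= cost:
            if not self.no_change:
                counters[self.name] -= cost
            return not self.invert
        # Assumption of this model: an oversized packet exhausts the quota.
        if not self.no_change:
            counters[self.name] = 0
        return self.invert


def bytebucket(events):
    """events: constructed (direction, length) pairs; returns OUTPUT verdicts."""
    counters.pop("bt", None)
    rule_in = Quota2("bt", grow=True)   # -A INPUT  ... --name bt --grow
    rule_out = Quota2("bt")             # -A OUTPUT ... --name bt
    verdicts = []
    for direction, length in events:
        if direction == "in":
            rule_in.match(length)
        else:
            verdicts.append(rule_out.match(length))
    return verdicts


if __name__ == "__main__":
    sample = [("in", 1500), ("out", 1000), ("out", 400),
              ("out", 400), ("in", 300), ("out", 300)]  # constructed traffic
    print(bytebucket(sample), counters)
```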