1The "quota2" implements a named counter which can be increased or decreased 2on a per-match basis. Available modes are packet counting or byte counting. 3The value of the counter can be read and reset through procfs, thereby making 4this match a minimalist accounting tool. 5.PP 6When counting down from the initial quota, the counter will stop at 0 and 7the match will return false, just like the original "quota" match. In growing 8(upcounting) mode, it will always return true. 9.TP 10\fB\-\-grow\fP 11Count upwards instead of downwards. 12.TP 13\fB\-\-no\-change\fP 14Makes it so the counter or quota amount is never changed by packets matching 15this rule. This is only really useful in "quota" mode, as it will allow you to 16use complex prerouting rules in association with the quota system, without 17counting a packet twice. 18.TP 19\fB\-\-name\fP \fIname\fP 20Assign the counter a specific name. This option must be present, as an empty 21name is not allowed. Names starting with a dot or names containing a slash are 22prohibited. 23.TP 24[\fB!\fP] \fB\-\-quota\fP \fIiq\fP 25Specify the initial quota for this counter. If the counter already exists, 26it is not reset. An "!" may be used to invert the result of the match. The 27negation has no effect when \fB\-\-grow\fP is used. 28.TP 29\fB\-\-packets\fP 30Count packets instead of bytes that passed the quota2 match. 31.PP 32Because counters in quota2 can be shared, you can combine them for various 33purposes, for example, a bytebucket filter that only lets as much traffic go 34out as has come in: 35.PP 36\-A INPUT \-p tcp \-\-dport 6881 \-m quota \-\-name bt \-\-grow; 37\-A OUTPUT \-p tcp \-\-sport 6881 \-m quota \-\-name bt; 38