tobiaswaldvogel
commented
2 months ago Hi thanks for your interest in this project.
Surprisingly I did not find any existing collectd nftables plugin, although iptables is already phased out by several Linux distributions. This is why I started this plugin.
As the main focus is on embedded devices it was especially optimized to consume as little resources as possible, so it should be suitable to address your resource consumption issue.
I'm using this plugin myself now for several months with named counters and no measurable performance overhead (I'm also collecting statistics on the collectd process itself to measure this)
Basically the only open topic is counters on rules with the same comment.
Unnamed counters in rules are selected by comment and that might be ambiguous as the same comment may be used in several chains. So the plan is to include the chain name as well and update the config and Luci page accordingly.
As there was little interest in this project so far my main focus was my own requirement, (i.e. named counters) and there was no priority nor a plan to get it in the main OpenWRT package repository.
Anyway feel free to use it and to report any issues, if you find some.
Probably I can also complete the mentioned open topics in the next weeks.
Hi I just found this repository when doing research on how to solve my problem with the metrics of the OpenWrt Crowdsec bouncer.
Having the nftable counters available in collectd and then publishing collectd data for prometheus would be a clean way to provide information about blocked connection attempts.
Is there a plan to release / PR the collectd-mod-nftables and luci-app-statistics-nftables soon?