
The connbytes match is used to match by how many bytes or packets a connection
(or one of the two flows constituting the connection) has transferred so far.

The counters are 64-bit and are thus not expected to overflow ;)

The primary use is to detect long-lived downloads and mark them to be
scheduled using a lower priority band in traffic control.

The transferred bytes per connection can also be viewed through
/proc/net/ip_conntrack and accessed via ctnetlink.

Usage:
[!] --connbytes FROM:[TO] [--direction original|reply|both]
[!] --connpkts FROM:[TO] [--direction original|reply|both]
[!] --connavgpkt FROM:[TO] [--direction original|reply|both]

This will match packets from a connection which has transferred more than FROM
and less than TO bytes/packets. If TO is omitted, only the FROM check is done.
"!" is used to match packets not falling in the range.

Example:

iptables .. -m connbytes --connbytes 10000:100000 ...
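
The FROM:[TO], "!" and --direction semantics above, applied offline to entries in the /proc/net/ip_conntrack format. This is an added example, not part of the original help text or the netfilter code. The sample lines are constructed, the function names are hypothetical, and two things are assumptions: that the first packets=/bytes= pair is the original flow and the second the reply flow, and that the range bounds are inclusive.

```shell
#!/bin/sh
# Constructed sample entries (documentation addresses), with accounting enabled.
# Assumption: first bytes= field is the original flow, second is the reply flow.
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=80 packets=40 bytes=2400 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40001 packets=60 bytes=84000 [ASSURED] use=1
tcp      6 431995 ESTABLISHED src=192.0.2.11 dst=198.51.100.6 sport=40002 dport=22 packets=30 bytes=3000 src=198.51.100.6 dst=192.0.2.11 sport=22 dport=40002 packets=25 bytes=4100 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.0.2.12 dst=198.51.100.7 sport=40003 dport=80 packets=900 bytes=54000 src=198.51.100.7 dst=192.0.2.12 sport=80 dport=40003 packets=1500 bytes=2100000 [ASSURED] use=1
EOF
}

# connbytes_filter DIRECTION FROM:[TO] [!]
# Reads conntrack entries on stdin and prints "src:sport bytes" for each entry
# whose byte count in the chosen direction falls in the range.
connbytes_filter() {
    awk -v dir="$1" -v range="$2" -v inv="${3:-}" '
    BEGIN {
        n = split(range, r, ":")
        from = r[1] + 0
        has_to = (n > 1 && r[2] != "")   # "FROM:" or "FROM" means no upper bound
        to = r[2] + 0
    }
    {
        nb = 0; src = ""; sport = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^bytes=/) { nb++; b[nb] = substr($i, 7) + 0 }
            else if ($i ~ /^src=/ && src == "") src = substr($i, 5)
            else if ($i ~ /^sport=/ && sport == "") sport = substr($i, 7)
        }
        if (nb < 2) next                 # entry carries no per-flow counters
        what = (dir == "original") ? b[1] : ((dir == "reply") ? b[2] : b[1] + b[2])
        hit = (what >= from && (!has_to || what <= to))   # inclusive: assumption
        if (inv == "!") hit = !hit       # "!" selects entries outside the range
        if (hit) printf "%s:%s %d\n", src, sport, what
    }'
}

# Same range as the iptables example above, both directions summed.
sample_conntrack | connbytes_filter both 10000:100000
```
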

