Hi Kai,
This kind of rules are for traffic accounting purposes.
For example, imagine that you want to create a Grafana graphic for account all the web traffic (http and https) that goes through your firewall. For it you can create an accounting rule like this in the FORWARD chain of your firewall:
The compilation of this rule will be:
Bash:
$IPTABLES -N FWCRULE106311.ACC
$IPTABLES -A FWCRULE106311.ACC -j RETURN
$IPTABLES -A FORWARD -p tcp -m multiport --dports 80,443 -j FWCRULE106311.ACC
The chain
FWCRULE106311.ACC will be created and it will do nothing with the matching traffic, it will only account the number of packets and bytes that matches it.
With the next command you can get the amount of packets and bytes that the chain has matched and then inject it into the Grafana graph:
Bash:
# iptables -L FWCRULE106311.ACC -v
Chain FWCRULE106311.ACC (1 references)
pkts bytes target prot opt in out source destination
4 567 RETURN all -- any any anywhere anywhere