With the IP-Tables plugin you can gather statistics from your ip_tables based packet filter (a.k.a. firewall). It can collect the byte and packet counters of selected rules and submit them to collectd. You can select the rules to collect either by position (e.g. the fourth rule in the "INPUT" chain of the "filter" table) or by comment (using the "COMMENT" match). Depending on your firewall layout, this lets you collect statistics for certain services (such as the amount of web traffic), source or destination hosts or networks, dropped packets and much more.
Of course this plugin uses libiptc and does not fork the iptables(8) application. This means that it talks directly to the kernel and the overhead is as low as it gets.
<Plugin "iptables">
  Chain "filter" "FORWARD"
</Plugin>
- Linux 2.4 or later with ip_tables
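
The following is an added example, not code from collectd or from this page: a small offline helper that resolves a rule by position or by comment from a constructed `iptables-save -c` dump, so you can check which counters a selector points at and see that position selectors shift when a rule is inserted while comment selectors do not. The function names, the sample ruleset and the 1-based position counting are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample in `iptables-save -c` format: [packets:bytes] precede each rule.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
[120:9600] -A INPUT -i lo -j ACCEPT
[5400:812000] -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "web traffic" -j ACCEPT
[37:2220] -A INPUT -m comment --comment dropped -j DROP
[0:0] -A FORWARD -j DROP
COMMIT
"""

RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")


def parse(dump):
    """Return {(table, chain): [rules in ruleset order]} with counters and comment."""
    table, chains = None, {}
    for line in dump.splitlines():
        if line.startswith("*"):          # "*filter" opens a table section
            table = line[1:]
        m = RULE.match(line)
        if m:
            args = shlex.split(m.group(4))  # honours quoted comments with spaces
            comment = args[args.index("--comment") + 1] if "--comment" in args else None
            chains.setdefault((table, m.group(3)), []).append(
                {"packets": int(m.group(1)), "bytes": int(m.group(2)), "comment": comment})
    return chains


def select(chains, table, chain, selector):
    """Resolve a rule by position (int, assumed 1-based) or by comment (str)."""
    rules = chains.get((table, chain), [])
    if isinstance(selector, int):
        return rules[selector - 1] if 1 <= selector <= len(rules) else None
    return next((r for r in rules if r["comment"] == selector), None)


if __name__ == "__main__":
    chains = parse(SAMPLE)
    print("position 2:", select(chains, "filter", "INPUT", 2))
    print("comment   :", select(chains, "filter", "INPUT", "web traffic"))
```

To check a live ruleset, feed the output of `iptables-save -c` to `parse()` instead of the constructed sample.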