Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 5 Jan 2021 15:42:43 +0200
From:      Dobri Dobrev <ddobrev85@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   PF not keeping counters in a counters-defined table
Message-ID:  <CAJHkgnf=0-PMPGRm0-K_rNoKO7w-RHTSVVnLuDNLM7o_G4=eAg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
 #
------------------------------------------------------------------------------------------------
# /etc/pf.conf:
set timeout tcp.first 45
set timeout tcp.opening 45
set timeout tcp.closing 15
set timeout tcp.finwait 15
set timeout tcp.closed 10
set timeout interval 10
set timeout tcp.established 3600
set timeout src.track 10

set limit table-entries 500000
set limit states 2000000
set limit src-nodes 2000000
set require-order no
set block-policy drop
set ruleset-optimization basic

set skip on lo0

table <xyztable> counters
rdr-anchor "ASDFGH" on igb0 proto tcp from <xyztable> to any port 123

load anchor ASDFGH from "/etc/ASDFGH-anchor"

# contents of /etc/ASDFGH-anchor:
# rdr on igb0 proto tcp from any to 192.168.0.1 port 123 -> 192.168.0.1
port 124
#
------------------------------------------------------------------------------------------------

#
------------------------------------------------------------------------------------------------
# Add the IP in the table:
# pfctl -t xyztable -T add 192.168.0.101

Daemon listening on 124, "client" sends traffic to 123 which is redirected
to 124 by the rdr-anchor.

I send some TCP traffic from 192.168.0.101 to 192.168.0.1 port 123 (and
receive responses), however, the table has 0 counters.

#
------------------------------------------------------------------------------------------------
# pfctl -t xyztable -T show -vv
No ALTQ support in kernel
ALTQ related functions disabled
192.168.0.101
Cleared: Mon Jan 4 23:42:55 2021
In/Block: [ Packets: 0 Bytes: 0 ]
In/Pass: [ Packets: 0 Bytes: 0 ]
Out/Block: [ Packets: 0 Bytes: 0 ]
Out/Pass: [ Packets: 0 Bytes: 0 ]

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJHkgnf=0-PMPGRm0-K_rNoKO7w-RHTSVVnLuDNLM7o_G4=eAg>