From: Dobri Dobrev
Date: Tue, 5 Jan 2021 15:42:43 +0200
Subject: PF not keeping counters in a counters-defined table
To: freebsd-pf@freebsd.org

# ------------------------------------------------------------------------------------------------
# /etc/pf.conf:

set timeout tcp.first 45
set timeout tcp.opening 45
set timeout tcp.closing 15
set timeout tcp.finwait 15
set timeout tcp.closed 10
set timeout interval 10
set timeout tcp.established 3600
set timeout src.track 10
set limit table-entries 500000
set limit states 2000000
set limit src-nodes 2000000
set require-order no
set block-policy drop
set ruleset-optimization basic
set skip on lo0

table <xyztable> counters

rdr-anchor "ASDFGH" on igb0 proto tcp from <xyztable> to any port 123
load anchor ASDFGH from "/etc/ASDFGH-anchor"

# contents of /etc/ASDFGH-anchor:
# rdr on igb0 proto tcp from any to 192.168.0.1 port 123 -> 192.168.0.1 port 124
# ------------------------------------------------------------------------------------------------

# ------------------------------------------------------------------------------------------------
# Add the IP in the table:
# pfctl -t xyztable -T add 192.168.0.101

Daemon listening on 124, "client" sends traffic to 123 which is redirected to 124 by the rdr-anchor.
I send some TCP traffic from 192.168.0.101 to 192.168.0.1 port 123 (and receive responses); however, the table has 0 counters.
# ------------------------------------------------------------------------------------------------

# pfctl -t xyztable -T show -vv
No ALTQ support in kernel
ALTQ related functions disabled
   192.168.0.101
        Cleared:     Mon Jan 4 23:42:55 2021
        In/Block:    [ Packets: 0   Bytes: 0 ]
        In/Pass:     [ Packets: 0   Bytes: 0 ]
        Out/Block:   [ Packets: 0   Bytes: 0 ]
        Out/Pass:    [ Packets: 0   Bytes: 0 ]
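
A check for the symptom reported above, as an added example that is not part of the original post: the function reads `pfctl -t xyztable -T show -vv` output and lists the addresses whose counters are all zero. The names `zero_counter_addrs` and `sample_output` are hypothetical, and the 192.168.0.102 entry with its values is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original post).
# zero_counter_addrs: read `pfctl -t <table> -T show -vv` output on stdin and
# print every address whose In/Out Block/Pass packet and byte counters are all 0.
zero_counter_addrs() {
    awk '
        # Print the pending entry if it had counter lines and they summed to 0.
        function emit() { if (addr != "" && seen && total == 0) print addr }
        # An entry starts with a line holding only the address or network.
        NF == 1 && $1 !~ /:$/ { emit(); addr = $1; seen = 0; total = 0; next }
        # Counter lines look like: In/Pass: [ Packets: 0 Bytes: 0 ]
        $1 ~ /^(In|Out)\/(Block|Pass):$/ {
            seen = 1
            for (i = 2; i < NF; i++)
                if ($i == "Packets:" || $i == "Bytes:") total += $(i + 1)
        }
        END { emit() }
    '
}

# Sample input: the first entry is the output shown in the post; the second
# entry (192.168.0.102 and its values) is constructed for contrast.
sample_output() {
    cat <<'EOF'
No ALTQ support in kernel
ALTQ related functions disabled
   192.168.0.101
        Cleared:     Mon Jan  4 23:42:55 2021
        In/Block:    [ Packets: 0   Bytes: 0 ]
        In/Pass:     [ Packets: 0   Bytes: 0 ]
        Out/Block:   [ Packets: 0   Bytes: 0 ]
        Out/Pass:    [ Packets: 0   Bytes: 0 ]
   192.168.0.102
        Cleared:     Mon Jan  4 23:42:55 2021
        In/Block:    [ Packets: 0   Bytes: 0 ]
        In/Pass:     [ Packets: 12  Bytes: 840 ]
        Out/Block:   [ Packets: 0   Bytes: 0 ]
        Out/Pass:    [ Packets: 9   Bytes: 612 ]
EOF
}

# On the firewall: pfctl -t xyztable -T show -vv | zero_counter_addrs
sample_output | zero_counter_addrs
```

Run periodically against a table declared with `counters`, an address that is known to be passing traffic yet keeps appearing in this list points at accounting that is not being recorded for it.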