Date: Tue, 22 Mar 2005 14:28:09 +0100 From: peter@bgnett.no (Peter N. M. Hansteen) To: "Eugene M. Minkovskii" <emin@mccme.ru> Cc: freebsd-questions@freebsd.org Subject: Re: OpenBSD's pf and traffic Message-ID: <868y4f6c9i.fsf@amidala.datadok.no> In-Reply-To: <20050322130900.GC3137@mccme.ru> (Eugene M. Minkovskii's message of "Tue, 22 Mar 2005 16:09:00 %2B0300") References: <20050320093159.GA3213@mccme.ru> <861xaamf9t.fsf@amidala.datadok.no> <20050321071227.GA29429@mccme.ru> <86eke9fn7o.fsf@amidala.datadok.no> <20050322120451.GA3137@mccme.ru> <86hdj36fho.fsf@amidala.datadok.no> <20050322124220.GB3137@mccme.ru> <86d5tr6e1r.fsf@amidala.datadok.no> <20050322130900.GC3137@mccme.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
"Eugene M. Minkovskii" <emin@mccme.ru> writes: > Unfortunely, this mean, that OpenBSD's pf can not measure > traffic, because we can not separate incoming and outgoing > traffic in bidirectional rule. Or we must not use keep state > feature. I think I understand what you mean - you do not want per connection statistics, you want packets passed by direction, regardless of which side initiated the traffic, subdivided by pass rule. At the moment I'm not sure how to put that into pf.conf rules, but you may want to go where the real pf experts hang out - pf@benzedrine.cx - and see if there's an angle we haven't thought of. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?868y4f6c9i.fsf>