From owner-freebsd-questions@FreeBSD.ORG  Tue Mar 22 13:30:12 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 53E0816A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 22 Mar 2005 13:30:12 +0000 (GMT)
Received: from vs3.bgnett.no (vs3.bgnett.no [194.54.96.185])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6CF6143D2D
	for <freebsd-questions@freebsd.org>;
	Tue, 22 Mar 2005 13:30:11 +0000 (GMT)	(envelope-from peter@bgnett.no)
Received: from amidala.datadok.no.bgnett.no (amidala.datadok.no
	[194.54.103.98])
	by vs3.bgnett.no (8.12.9p2/8.12.9) with ESMTP id j2MDTxBM054500;
	Tue, 22 Mar 2005 14:30:00 +0100 (CET)	(envelope-from peter@bgnett.no)
To: "Eugene M. Minkovskii" <emin@mccme.ru>
References: <20050320093159.GA3213@mccme.ru>
	<861xaamf9t.fsf@amidala.datadok.no> <20050321071227.GA29429@mccme.ru>
	<86eke9fn7o.fsf@amidala.datadok.no> <20050322120451.GA3137@mccme.ru>
	<86hdj36fho.fsf@amidala.datadok.no> <20050322124220.GB3137@mccme.ru>
	<86d5tr6e1r.fsf@amidala.datadok.no> <20050322130900.GC3137@mccme.ru>
From: peter@bgnett.no (Peter N. M. Hansteen)
Date: Tue, 22 Mar 2005 14:28:09 +0100
In-Reply-To: <20050322130900.GC3137@mccme.ru> (Eugene M. Minkovskii's
 message of "Tue, 22 Mar 2005 16:09:00 +0300")
Message-ID: <868y4f6c9i.fsf@amidala.datadok.no>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Jumbo Shrimp,
 berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-bgnett.no-virusscanner: Found to be clean
X-Envelope-To: emin@mccme.ru, freebsd-questions@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: OpenBSD's pf and traffic
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2005 13:30:12 -0000

"Eugene M. Minkovskii" <emin@mccme.ru> writes:

> Unfortunely, this mean, that OpenBSD's pf can not measure
> traffic, because we can not separate incoming and outgoing
> traffic in bidirectional rule. Or we must not use keep state
> feature.

I think I understand what you mean - you do not want per connection
statistics, you want packets passed by direction, regardless of which
side initiated the traffic, subdivided by pass rule. At the moment I'm
not sure how to put that into pf.conf rules, but you may want to go
where the real pf experts hang out - pf@benzedrine.cx - and see if
there's an angle we haven't thought of.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"