Date: Sun, 19 Dec 2004 16:38:04 -0800
From: patrick <gibblertron@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: "ipfw count" equivalent for pf
Message-ID: <b043a48504121916381ffba473@mail.gmail.com>
In-Reply-To: <b043a48504121611577801f1ef@mail.gmail.com>
References: <b043a48504121611577801f1ef@mail.gmail.com>

I didn't receive any advice relevant to solving my problem, but I did
manage to figure it out in the end. I thought I'd share my solution in
case anyone else wants to do the same thing:

My /etc/pf.conf has the following lines:

    ext_if="rl0"
    external_addr="x.x.x.x"

    pass in on $ext_if from any to $external_addr label "$dstaddr in"
    pass out on $ext_if from $external_addr to any label "$srcaddr out"

Activate the rules with "pfctl -f /etc/pf.conf", and then you can
display the counters by doing a "pfctl -sl" which outputs something
like:

    x.x.x.x in 14363 7448 734450
    x.x.x.x out 13810 6362 683319

To zero the counters, I've just been calling "pfctl -f /etc/pf.conf"
again, though there may be a more "proper" way.

Patrick

On Thu, 16 Dec 2004 11:57:29 -0800, patrick <gibblertron@gmail.com> wrote:
> Hi there,
>
> Now that FreeBSD 5.x has pf from OpenBSD, I'm wondering if some of the
> pf experts can help me with porting a simple ipfw configuration from
> FreeBSD 4.x to pf in FreeBSD 5.x.
>
> On our 4.x servers, we have several rules like:
>
> ipfw add count ip from any to x.x.x.x
> ipfw add count ip from x.x.x.x to any
>
> ... to keep track of how much traffic is going through a particular IP
> address. Every night, I capture the data and zero the counters.
>
> Using pf, I'm having a difficult time how to establish a similar
> ruleset so that I can gather the same sort of data. Someone on the
> openbsd-misc list told me to "add labels to those rules you want to
> account traffic on and use `pfctl -sl` to read their counters." The
> problem is that I'm not sure how to describe the rules using pf. I
> suppose the rules should just pass all traffic to and from my external
> interface, but from all the pf documentation I've read, I can't find
> an example that seems to do this for me.
>
> Can any experts lend a hand here? It seems like this should be
> dead-easy to do, but like many things from the OpenBSD world, it does
> not seem too straightforward to me.
>
> Thanks,
>
> Patrick
>
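
The nightly capture described in this thread, as an added example that is not part of the original message: a shell filter that turns "pfctl -sl" output into dated CSV rows. It assumes the four-column layout shown above (label, evaluations, packets, bytes); the function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: convert `pfctl -sl` label counters into dated CSV rows.
# Assumed layout, as shown in the message:
#   <label> <evaluations> <packets> <bytes>
# Labels may contain spaces ("x.x.x.x in"), so the three counters are
# taken from the right-hand end of each line.

# parse_labels DATE: read `pfctl -sl` output on stdin, write CSV on stdout.
parse_labels() {
    awk -v day="$1" '
        NF >= 4 {
            bytes = $NF; pkts = $(NF-1); evals = $(NF-2)
            # Skip warnings or banners whose trailing fields are not integers.
            if (bytes !~ /^[0-9]+$/ || pkts !~ /^[0-9]+$/ || evals !~ /^[0-9]+$/)
                next
            # Rebuild the label from every field left of the counters.
            label = $1
            for (i = 2; i <= NF - 3; i++) label = label " " $i
            gsub(/"/, "\"\"", label)   # CSV-escape embedded quotes
            printf "%s,\"%s\",%s,%s,%s\n", day, label, evals, pkts, bytes
        }'
}

# total_bytes: sum the byte column (last field) of CSV rows on stdin.
total_bytes() {
    awk -F, '{ sum += $NF } END { print sum + 0 }'
}

# Constructed sample input, following the layout in the message.
sample_output() {
    cat <<'EOF'
x.x.x.x in 14363 7448 734450
x.x.x.x out 13810 6362 683319
EOF
}

# Demo on the sample; on a live host replace sample_output with: pfctl -sl
sample_output | parse_labels 2004-12-19
```

On a live host the rows would be appended to a log file from cron before the counters are reset; "pfctl -z" clears per-rule statistics without reloading the ruleset.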