From: patrick
To: freebsd-questions@freebsd.org
Date: Sun, 19 Dec 2004 16:38:04 -0800
Subject: Re: "ipfw count" equivalent for pf

I didn't receive any advice relevant to solving my problem, but I did manage to figure it out in the end.
I thought I'd share my solution in case anyone else wants to do the same thing:

My /etc/pf.conf has the following lines:

    ext_if="rl0"
    external_addr="x.x.x.x"

    pass in on $ext_if from any to $external_addr label "$dstaddr in"
    pass out on $ext_if from $external_addr to any label "$srcaddr out"

Activate the rules with "pfctl -f /etc/pf.conf", and then you can display the counters by doing a "pfctl -sl", which outputs something like:

    x.x.x.x in 14363 7448 734450
    x.x.x.x out 13810 6362 683319

To zero the counters, I've just been calling "pfctl -f /etc/pf.conf" again, though there may be a more "proper" way.

Patrick

On Thu, 16 Dec 2004 11:57:29 -0800, patrick wrote:
> Hi there,
>
> Now that FreeBSD 5.x has pf from OpenBSD, I'm wondering if some of the
> pf experts can help me with porting a simple ipfw configuration from
> FreeBSD 4.x to pf in FreeBSD 5.x.
>
> On our 4.x servers, we have several rules like:
>
> ipfw add count ip from any to x.x.x.x
> ipfw add count ip from x.x.x.x to any
>
> ... to keep track of how much traffic is going through a particular IP
> address. Every night, I capture the data and zero the counters.
>
> Using pf, I'm having a difficult time figuring out how to establish a
> similar ruleset so that I can gather the same sort of data. Someone on the
> openbsd-misc list told me to "add labels to those rules you want to
> account traffic on and use `pfctl -sl` to read their counters." The
> problem is that I'm not sure how to describe the rules using pf. I
> suppose the rules should just pass all traffic to and from my external
> interface, but from all the pf documentation I've read, I can't find
> an example that seems to do this for me.
>
> Can any experts lend a hand here? It seems like this should be
> dead-easy to do, but like many things from the OpenBSD world, it does
> not seem too straightforward to me.
>
> Thanks,
>
> Patrick
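
Added example (not part of the original message): a shell sketch of the nightly capture-and-zero job described above, parsing "pfctl -sl" output whose labels contain a space. It assumes the column order label, evaluations, packets, bytes; the sample address 192.0.2.10, the function names and the log path are hypothetical.

```shell
#!/bin/sh
# Assumed column order for `pfctl -sl` here: label evaluations packets bytes.

# Constructed sample in the shape shown in the message (192.0.2.10 is a
# documentation address standing in for x.x.x.x).
sample_output() {
cat <<'EOF'
192.0.2.10 in 14363 7448 734450
192.0.2.10 out 13810 6362 683319
EOF
}

# parse_labels: read label lines on stdin, print "label|evals|packets|bytes".
# The label contains a space ("$dstaddr in"), so the three counters are taken
# from the END of the line and everything before them is the label.
parse_labels() {
    awk '
    NF < 4 { next }                          # too short to be a label line
    {
        for (i = NF - 2; i <= NF; i++)
            if ($i !~ /^[0-9]+$/) next       # counters must be numeric
        label = $1
        for (i = 2; i <= NF - 3; i++) label = label " " $i
        printf "%s|%s|%s|%s\n", label, $(NF-2), $(NF-1), $NF
    }'
}

# addr_total_bytes ADDR: sum the bytes of the "ADDR in" and "ADDR out" labels.
addr_total_bytes() {
    parse_labels | awk -F'|' -v a="$1" '
        $1 == a " in" || $1 == a " out" { s += $4 }
        END { printf "%.0f\n", s }'
}

# nightly_snapshot LOGFILE: needs root and a running pf, so it is only
# defined here, never called. Appends dated records, then clears the per-rule
# statistics with `pfctl -z`, which does not reload the ruleset. Packets
# counted between the read and the zero are not recorded.
nightly_snapshot() {
    stamp=$(date +%Y-%m-%d)
    pfctl -sl | parse_labels | sed "s/^/$stamp|/" >> "$1" && pfctl -z
}

# Demonstration on the constructed sample.
sample_output | parse_labels
```

From cron, nightly_snapshot would be called with a log path such as /var/log/pf-acct.log (hypothetical).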