From: Frank Steinborn
To: freebsd-questions@freebsd.org
Date: Sun, 18 Dec 2005 22:46:08 +0100
Subject: Re: Compacting the "pf -v -s rules" output similar to "ipfstat -ionh"
Message-ID: <20051218214608.GA92198@scott.blazing.de>
In-Reply-To: <20051218213501.GA72282@holestein.holy.cow>

Parv wrote:
> I am currently trying pf instead of ipf; rules were brought over
> easily besides the user errors. I am still in the process of getting
> at ease w/ pf logging & statistics.
>
> Before I write it myself, has anybody got an already prepared way to
> compact the "pfctl -v -s rules" output ...
>
>   pass in on lo0 all
>     [ Evaluations: 22188 Packets: 10925 Bytes: 8392463 States: 0 ]
>   pass out on lo0 all
>     [ Evaluations: 21850 Packets: 10925 Bytes: 8392463 States: 0 ]
>   block drop in on em0 all
>     [ Evaluations: 22188 Packets: 6 Bytes: 360 States: 0 ]
>   block drop in quick on em0 inet proto tcp from 192.168.2.0/24 to any port 137:139
>     [ Evaluations: 19 Packets: 0 Bytes: 0 States: 0 ]
>
>
> ... to something like ...
>
>   22188 pass in on lo0 all
>   21850 pass out on lo0 all
>   22188 block drop in on em0 all
>   19 block drop in quick on em0 inet proto tcp from 192.168.2.0/24 to any port 137:139

Don't use -v, just pfctl -s rules. That, however, won't give you a
number of packets/bytes passed to the rules.

Frank
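
One way to produce the compact listing asked for in the quoted question, as an added example that is not part of the original thread: an awk filter that pairs each rule with its Evaluations counter. The function names `compact_pf_rules` and `sample_pf_output` are hypothetical, and the sample input is the output quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread). Reads "pfctl -v -s rules" output on
# stdin and prints one line per rule: "<evaluations> <rule text>".
compact_pf_rules() {
    awk '
        # Bracketed statistics line: "[ Evaluations: N Packets: ... ]"
        /^[ \t]*\[/ {
            if (rule == "") next        # extra counter lines are ignored
            for (i = 1; i < NF; i++) {
                if ($i == "Evaluations:") {
                    # Print the counter as text so large values survive
                    print $(i + 1), rule
                    rule = ""
                    break
                }
            }
            next
        }
        # Any other non-blank line is the text of a rule
        NF {
            # Previous rule had no statistics line (input produced without -v)
            if (rule != "") print "-", rule
            sub(/^[ \t]+/, "")
            sub(/[ \t]+$/, "")
            rule = $0
        }
        END { if (rule != "") print "-", rule }
    '
}

# Sample input: the four rules quoted in the message above.
sample_pf_output() {
    cat <<'EOF'
pass in on lo0 all
  [ Evaluations: 22188 Packets: 10925 Bytes: 8392463 States: 0 ]
pass out on lo0 all
  [ Evaluations: 21850 Packets: 10925 Bytes: 8392463 States: 0 ]
block drop in on em0 all
  [ Evaluations: 22188 Packets: 6 Bytes: 360 States: 0 ]
block drop in quick on em0 inet proto tcp from 192.168.2.0/24 to any port 137:139
  [ Evaluations: 19 Packets: 0 Bytes: 0 States: 0 ]
EOF
}

# Live use (needs root): pfctl -v -s rules | compact_pf_rules
```

Piping the result through `sort -rn` lists the most frequently evaluated rules first; a rule printed with `-` had no statistics line in the input.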