From owner-freebsd-questions@FreeBSD.ORG Sat Dec 18 22:18:08 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4CD2A16A4CF for ; Sat, 18 Dec 2004 22:18:08 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E25543D60 for ; Sat, 18 Dec 2004 22:18:07 +0000 (GMT) (envelope-from gibblertron@gmail.com) Received: by rproxy.gmail.com with SMTP id z35so49221rne for ; Sat, 18 Dec 2004 14:18:04 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=LTofnV8irpcGRqrfgvBzddGyVOm/Hi54sHJpiRxEpecrVx+or1nM3AyFBnsYFKReeU7e9meGeA3SbqrGj4dXqCa109Ve6id6Ghne302t3wr/w2j75nKYQrA8QUP6sLrh7YaHVV/8S6JtttF3ZLdLlHGraJWEWOTFuZeTiZfr4aQ= Received: by 10.38.11.60 with SMTP id 60mr53470rnk; Sat, 18 Dec 2004 14:18:04 -0800 (PST) Received: by 10.38.96.30 with HTTP; Sat, 18 Dec 2004 14:18:04 -0800 (PST) Message-ID: Date: Sat, 18 Dec 2004 14:18:04 -0800 From: patrick To: freebsd-questions@freebsd.org In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: Subject: Re: "ipfw count" equivalent for pf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: patrick List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Dec 2004 22:18:08 -0000 So, are there any pf users who can help me write two simple rules to pass through traffic in and out on an interface such that I'll be able to gather statistics? I've read through all the man pages and help on OpenBSD's pf pages, but I am not clear on how to achieve what I want. Patrick On Thu, 16 Dec 2004 11:57:29 -0800, patrick wrote: > Hi there, > > Now that FreeBSD 5.x has pf from OpenBSD, I'm wondering if some of the > pf experts can help me with porting a simple ipfw configuration from > FreeBSD 4.x to pf in FreeBSD 5.x. > > On our 4.x servers, we have several rules like: > > ipfw add count ip from any to x.x.x.x > ipfw add count ip from x.x.x.x to any > > ... to keep track of how much traffic is going through a particular IP > address. Every night, I capture the data and zero the counters. > > Using pf, I'm having a difficult time how to establish a similar > ruleset so that I can gather the same sort of data. Someone on the > openbsd-misc list told me to "add labels to those rules you want to > account traffic on and use `pdfctl -sl` to read their counters." The > problem is that I'm not sure how to describe the rules using pf. I > suppose the rules should just pass all traffic to and from my external > interface, but from all the pf documentation I've read, I can't find > an example that seems to do this for me. > > Can any experts lend a hand here? It seems like this should be > dead-easy to do, but like many things from the OpenBSD world, it does > not seem to straight-forward to me. > > Thanks, > > Patrick >