Date:      Mon, 14 Feb 2005 14:25:53 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-net@freebsd.org
Cc:        David Gilbert <dgilbert@dclg.ca>
Subject:   Re: altq for vlans?
Message-ID:  <200502141426.01067.max@love2party.net>
In-Reply-To: <20050214094353.GX82324@obiwan.tataz.chchile.org>
References:  <16911.51264.86063.604597@canoe.dclg.ca> <16912.11613.216501.589279@canoe.dclg.ca> <20050214094353.GX82324@obiwan.tataz.chchile.org>


On Monday 14 February 2005 10:43, Jeremie Le Hen wrote:
> > Anyways, the _real_ problem is that traditionally, I'd used firewall
> > rules for accounting as well as security.  To that end, labels are
> > very cool.  However, they have one rather large defect:
> >
> > If you're dealing with keep state rules, there seems to be no obvious
> > way to account for incoming vs. outgoing traffic.  The label only
> > reports total traffic for the state matching the rule... which is both
> > in and out.
>
> This is a workaround, but I found that ipfw's count rules are pretty
> useful for this purpose.  This would however add processing overhead
> for each packet especially using gigabit Ethernet.

Did you try to use tables?  I think it's one of the best tools for easy 
accounting.

$pfctl -vvT show -t test
   192.168.0.1
        Cleared:     Mon Feb 14 14:19:39 2005
        In/Block:    [ Packets: 0                  Bytes: 0                  ]
        In/Pass:     [ Packets: 2                  Bytes: 168                ]
        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
        Out/Pass:    [ Packets: 2                  Bytes: 168                ]

It does count everything on stateful rules and it's easy to monitor subnets 
and whatnot.  See the various manual pages and the OpenBSD FAQ for more about 
tables.  You might also want to have a look at pfflowd from ports, which is 
able to translate pfsync messages into flows for accounting purposes.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
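A small parser for the `pfctl -vvT show -t <table>` counter output quoted above, added here as an example and not part of the original mail: it maps each table entry to its In/Out counters and reports passed bytes per direction, which is the split the quoted question asked for. The sample text is constructed (the first entry is the one from the mail, the other two are made up); the `counters` table option referred to in a comment is the pf.conf flag that enables per-address counters.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample in `pfctl -vvT show` format: first entry from the mail,
# the /24 and the counter-less 172.16.0.5 entry are made up.
SAMPLE = """\
   192.168.0.1
        Cleared:     Mon Feb 14 14:19:39 2005
        In/Block:    [ Packets: 0                  Bytes: 0                  ]
        In/Pass:     [ Packets: 2                  Bytes: 168                ]
        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
        Out/Pass:    [ Packets: 2                  Bytes: 168                ]
   10.0.0.0/24
        In/Block:    [ Packets: 3                  Bytes: 180                ]
        In/Pass:     [ Packets: 10                 Bytes: 1500               ]
        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
        Out/Pass:    [ Packets: 7                  Bytes: 4200               ]
   172.16.0.5
"""

ADDR_RE = re.compile(r"^\s*!?([0-9A-Fa-f.:]+(?:/\d{1,3})?)\s*$")
COUNTER_RE = re.compile(
    r"^\s*(In|Out)/(Block|Pass):\s*\[\s*Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s*\]")

Counters = Dict[str, Tuple[int, int]]  # "In/Pass" -> (packets, bytes)

def parse_table(text: str) -> Dict[str, Counters]:
    """Map each address or prefix in the table to its direction counters."""
    entries: Dict[str, Counters] = {}
    current: Optional[Counters] = None
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:                       # a new table entry starts here
            current = entries.setdefault(m.group(1), {})
            continue
        m = COUNTER_RE.match(line)
        if m and current is not None:
            current[f"{m.group(1)}/{m.group(2)}"] = (int(m.group(3)), int(m.group(4)))
        # "Cleared:" and any other line is ignored
    return entries

def passed_bytes(entries: Dict[str, Counters]) -> Dict[str, Optional[Dict[str, int]]]:
    """Bytes that passed, per address and direction. An entry without counters
    (e.g. the table lacks pf.conf's `counters` flag) is None, not zero."""
    result: Dict[str, Optional[Dict[str, int]]] = {}
    for addr, c in entries.items():
        if not c:
            result[addr] = None
        else:
            result[addr] = {"in": c.get("In/Pass", (0, 0))[1],
                            "out": c.get("Out/Pass", (0, 0))[1]}
    return result
```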

