Date: Sat, 15 Jan 2005 18:23:37 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: How to determine "hits" on rules Message-ID: <200501151823.45078.max@love2party.net> In-Reply-To: <41E8B102.20706@forrie.com> References: <41E8B102.20706@forrie.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Saturday 15 January 2005 06:58, Forrest Aldrich wrote: > I'm migrating one of my systems to PF from IPFW. > > In so doing and planning, I've reviewed the manpages and some online > literature. > > I've become dependent upon "ipfw -t" to determine hits on various spam > rules I've implemented - some of them large lists of /24's. > > I've not been able to determine that there is an equivalent in PF - > though I imagine there must be some method to accomplish this. > > I'd appreciate if someone could help point in the right direction. On Wednesday 12 January 2005 17:13, I wrote: > No, there is no such functionality. In fact, we don't even store such data > in the rules. For rules that create state, you can check the output of > "$pfctl -vvss" for the newest state for a certain rule. For rules that do > logging, you can check /var/log/pflog for the last packet logged. > > I don't really see the point in this information. Why do you want to know > this? Can you explain a bit - it's certainly not difficult to implement. In any case: "pfctl -vsr" will give you counters on each rule. If you use a table to store the spammer-addresses, you might find: "pfctl -vvTshow -t table_name" interesting. Check: http://www.benzedrine.cx/relaydb.html for a step-by-step tutorial, how to deal with spammers with the help of pf. This might give you some ideas. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBB6VGgXyyEoT62BG0RAsPhAJ98F4R7ILyOpJM1rfgILPcPPW9uKQCdGZcQ P6B54jXUBkua73dxx/vohIc= =ntxA -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200501151823.45078.max>