Date: Mon, 21 Mar 2005 10:12:38 +0300
From: "Eugene M. Minkovskii" <emin@mccme.ru>
To: "Peter N. M. Hansteen" <peter@bgnett.no>
Cc: freebsd-questions@freebsd.org
Subject: Re: OpenBSD's pf and traffic
Message-ID: <20050321071227.GA29429@mccme.ru>
In-Reply-To: <861xaamf9t.fsf@amidala.datadok.no>
References: <20050320093159.GA3213@mccme.ru> <861xaamf9t.fsf@amidala.datadok.no>

On Sun, Mar 20, 2005 at 05:51:58PM +0100, Peter N. M. Hansteen wrote:
" "Eugene M. Minkovskii" <emin@mccme.ru> writes:
"
" > Does anybody know how I can use OpenBSD's pf (packet filter) to
" > determine total traffic volume on a network interface? If it's
" > impossible, what facility do you recommend for this?
"
" Various pfctl -s options (e.g. pfctl -s info) give you counters of bytes
" and packets passed or blocked. If you use labels in your pass rules,
" you'll get per-label counters as well.
"

Thank you, Peter. So, now I can define rules like

    block in log on $ext_ip inet from any to $ext_ip label $ext_ip
    pass in on $ext_ip inet from any to $ext_ip port 22 keep state

As you can see, ssh packets match all the rules and pass in because the
last rule wins. Does it mean that I can't see ssh packets using the command

    # pfctl -sl

And if I use

    block in log on $ext_ip inet from any to $ext_ip label $ext_ip
    pass in on $ext_ip inet from any to $ext_ip port 22 keep state label $ext_ip

... do I see the label twice?

Perhaps you know where I can find a workable example of this?

-- 
Sensory yours, Eugene Minkovskii
Сенсорно ваш, Евгений Миньковский