How to determine "hits" on rules
Max Laier
max at love2party.net
Sat Jan 15 09:23:56 PST 2005
On Saturday 15 January 2005 06:58, Forrest Aldrich wrote:
> I'm migrating one of my systems to PF from IPFW.
>
> In so doing and planning, I've reviewed the manpages and some online
> literature.
>
> I've become dependent upon "ipfw -t" to determine hits on various spam
> rules I've implemented - some of them large lists of /24's.
>
> I've not been able to determine that there is an equivalent in PF -
> though I imagine there must be some method to accomplish this.
>
> I'd appreciate if someone could help point in the right direction.
On Wednesday 12 January 2005 17:13, I wrote:
> No, there is no such functionality. In fact, we don't even store such data
> in the rules. For rules that create state, you can check the output of
> "$pfctl -vvss" for the newest state for a certain rule. For rules that do
> logging, you can check /var/log/pflog for the last packet logged.
>
> I don't really see the point in this information. Why do you want to know
> this? Can you explain a bit - it's certainly not difficult to implement.
In any case: "pfctl -vsr" will give you counters on each rule.
If you use a table to store the spammer-addresses, you might find: "pfctl
-vvTshow -t table_name" interesting.
Check http://www.benzedrine.cx/relaydb.html for a step-by-step tutorial on how
to deal with spammers with the help of pf. This might give you some ideas.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
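
Added example, not part of the original message: a small sh/awk filter that turns the per-rule counters printed by "pfctl -vsr" into a hit list, busiest rule first, plus a helper that lists rules which never matched. The function names, the interface name and the sample output (SAMPLE) are constructed for illustration.

```shell
#!/bin/sh
# Read `pfctl -vsr` output on stdin and print "packets<TAB>bytes<TAB>rule",
# sorted by packet count (highest first).
# Live use (as root):  pfctl -vsr | rule_hits
rule_hits() {
    awk '
        # Counter line: "  [ Evaluations: N  Packets: N  Bytes: N  States: N ]"
        /^[ \t]*\[ *Evaluations:/ {
            pk = 0; by = 0
            for (i = 1; i < NF; i++) {
                if ($i == "Packets:") pk = $(i + 1)
                if ($i == "Bytes:")   by = $(i + 1)
            }
            if (rule != "") printf "%s\t%s\t%s\n", pk, by, rule
            rule = ""
            next
        }
        # Skip any other bracketed detail lines that pfctl may print.
        /^[ \t]*\[/ { next }
        # Any other non-empty line is the rule text; drop a "-vv" style "@N " prefix.
        NF { sub(/^@[0-9]+ /, ""); rule = $0 }
    ' | sort -t "$(printf '\t')" -k1,1nr
}

# Rules whose packet counter is still zero (candidates for review or removal).
zero_hit_rules() {
    rule_hits | awk -F '\t' '$1 == 0 { print $3 }'
}

# Constructed sample of `pfctl -vsr` output, so the filter can be tried offline.
SAMPLE='block drop in quick on fxp0 from <spammers> to any
  [ Evaluations: 5120      Packets: 412       Bytes: 24720       States: 0     ]
pass in on fxp0 proto tcp from any to any port = smtp keep state
  [ Evaluations: 4708      Packets: 9031      Bytes: 5120334     States: 12    ]
block drop in on fxp0 from 192.0.2.0/24 to any
  [ Evaluations: 4708      Packets: 0         Bytes: 0           States: 0     ]'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE" | rule_hits
```
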