"ipfw count" equivalent for pf

patrick gibblertron at gmail.com
Thu Dec 16 11:57:30 PST 2004


Hi there,

Now that FreeBSD 5.x has pf from OpenBSD, I'm wondering if some of the
pf experts can help me with porting a simple ipfw configuration from
FreeBSD 4.x to pf in FreeBSD 5.x.

On our 4.x servers, we have several rules like:

ipfw add count ip from any to x.x.x.x
ipfw add count ip from x.x.x.x to any

... to keep track of how much traffic is going through a particular IP
address. Every night, I capture the data and zero the counters.

Using pf, I'm having a difficult time working out how to establish a similar
ruleset so that I can gather the same sort of data. Someone on the
openbsd-misc list told me to "add labels to those rules you want to
account traffic on and use `pfctl -sl` to read their counters." The
problem is that I'm not sure how to describe the rules using pf. I
suppose the rules should just pass all traffic to and from my external
interface, but from all the pf documentation I've read, I can't find
an example that seems to do this for me.

Can any experts lend a hand here? It seems like this should be
dead-easy to do, but like many things from the OpenBSD world, it does
not seem too straightforward to me.

Thanks,

Patrick
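
The label approach quoted in the message above, written out as a pf.conf fragment. This is an added example, not part of the original post; the interface name fxp0 and the address 192.0.2.10 are placeholders, and the fragment assumes these two rules are the last ones to match the traffic being counted.

```conf
# Added example, not from the original post.
# Assumptions: fxp0 is the external interface and 192.0.2.10 stands in
# for the x.x.x.x address used in the ipfw rules.
ext_if  = "fxp0"
acct_ip = "192.0.2.10"

# Unlike "ipfw add count", a labelled pf rule also decides the packet:
# these are pass rules, so they permit the traffic they count. Packets
# and bytes are credited to the last rule that matches a packet, so put
# these after any broader rule that matches the same traffic, and keep
# block rules for traffic that must stay blocked below them.
pass in  on $ext_if from any to $acct_ip label "acct-in"
pass out on $ext_if from $acct_ip to any label "acct-out"

# The rules are written without "keep state" so that every packet is
# evaluated and counted under the label for its own direction. On pf
# versions where pass rules keep state by default, append "no state"
# to each rule to get the same per-direction split.

# Nightly collection, run as root:
#   pfctl -sl   # one line per label: label, evaluations, packets, bytes
#   pfctl -z    # clear per-rule statistics
```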

