"ipfw count" equivalent for pf

patrick gibblertron at gmail.com
Sat Dec 18 14:18:08 PST 2004


So, are there any pf users who can help me write two simple rules to
pass through traffic in and out on an interface such that I'll be able
to gather statistics? I've read through all the man pages and help on
OpenBSD's pf pages, but I am not clear on how to achieve what I want.

Patrick


On Thu, 16 Dec 2004 11:57:29 -0800, patrick <gibblertron at gmail.com> wrote:
> Hi there,
> 
> Now that FreeBSD 5.x has pf from OpenBSD, I'm wondering if some of the
> pf experts can help me with porting a simple ipfw configuration from
> FreeBSD 4.x to pf in FreeBSD 5.x.
> 
> On our 4.x servers, we have several rules like:
> 
> ipfw add count ip from any to x.x.x.x
> ipfw add count ip from x.x.x.x to any
> 
> ... to keep track of how much traffic is going through a particular IP
> address. Every night, I capture the data and zero the counters.
> 
> Using pf, I'm having a difficult time working out how to establish a
> similar ruleset so that I can gather the same sort of data. Someone on the
> openbsd-misc list told me to "add labels to those rules you want to
> account traffic on and use `pfctl -sl` to read their counters." The
> problem is that I'm not sure how to describe the rules using pf. I
> suppose the rules should just pass all traffic to and from my external
> interface, but from all the pf documentation I've read, I can't find
> an example that seems to do this for me.
> 
> Can any experts lend a hand here? It seems like this should be
> dead-easy to do, but like many things from the OpenBSD world, it does
> not seem too straightforward to me.
> 
> Thanks,
> 
> Patrick
>
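
The label approach quoted above, as an added example that is not part of the original message: two labelled pass rules (shown as comments) and a script that totals `pfctl -sl` counters per label and resets them with `pfctl -z`. The interface `fxp0`, the address `192.0.2.10`, the label names, the log path and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# pf.conf rules this goes with (fxp0 and 192.0.2.10 are placeholders for
# the external interface and the x.x.x.x address in the message):
#   pass in  on fxp0 from any to 192.0.2.10 label "acct-in"
#   pass out on fxp0 from 192.0.2.10 to any label "acct-out"
# pf uses the last matching rule, so a later rule matching the same
# packets takes the counters away from these unless they carry "quick".

# Constructed sample of `pfctl -sl` output. Assumed columns:
# label, evaluations, packets, bytes (newer pfctl appends more columns).
SAMPLE_PFCTL_SL='acct-in 120 100 64000
acct-out 120 80 5000000000
acct-in 50 10 1000'

# Read `pfctl -sl` output on stdin and print "label packets bytes",
# summing rules that share a label. Labels must not contain spaces.
sum_labels() {
    awk 'NF >= 4 && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
             pkts[$1] += $3; bytes[$1] += $4
         }
         END {
             # %.0f avoids 32-bit truncation of large byte counts
             for (l in pkts) printf "%s %.0f %.0f\n", l, pkts[l], bytes[l]
         }' | sort
}

# Nightly job: append dated totals to a log, then zero the counters.
# Needs root; the log path is a hypothetical choice.
collect_and_reset() {
    log=${1:-/var/log/pf-acct.log}
    pfctl -sl | sum_labels | sed "s/^/$(date +%Y-%m-%d) /" >> "$log" &&
        pfctl -z
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_PFCTL_SL" | sum_labels
```

Run `collect_and_reset` from root's crontab to reproduce the nightly capture-and-zero routine described for the ipfw `count` rules.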


More information about the freebsd-questions mailing list