"ipfw count" equivalent for pf

patrick gibblertron at gmail.com
Sun Dec 19 16:38:05 PST 2004


I didn't receive any advice relevant to solving my problem, but I did
manage to figure it out in the end. I thought I'd share my solution in
case anyone else wants to do the same thing:

My /etc/pf.conf has the following lines:

ext_if="rl0"
external_addr="x.x.x.x"

pass in on $ext_if from any to $external_addr label "$dstaddr in"
pass out on $ext_if from $external_addr to any label "$srcaddr out"

Activate the rules with "pfctl -f /etc/pf.conf", and then you can
display the counters by doing a "pfctl -sl" which outputs something
like:

x.x.x.x in 14363 7448 734450
x.x.x.x out 13810 6362 683319

To zero the counters, I've just been calling "pfctl -f /etc/pf.conf"
again, though there may be a more "proper" way.

Patrick


On Thu, 16 Dec 2004 11:57:29 -0800, patrick <gibblertron at gmail.com> wrote:
> Hi there,
> 
> Now that FreeBSD 5.x has pf from OpenBSD, I'm wondering if some of the
> pf experts can help me with porting a simple ipfw configuration from
> FreeBSD 4.x to pf in FreeBSD 5.x.
> 
> On our 4.x servers, we have several rules like:
> 
> ipfw add count ip from any to x.x.x.x
> ipfw add count ip from x.x.x.x to any
> 
> ... to keep track of how much traffic is going through a particular IP
> address. Every night, I capture the data and zero the counters.
> 
> Using pf, I'm having a difficult time figuring out how to establish a
> similar ruleset so that I can gather the same sort of data. Someone on
> the openbsd-misc list told me to "add labels to those rules you want to
> account traffic on and use `pfctl -sl` to read their counters." The
> problem is that I'm not sure how to describe the rules using pf. I
> suppose the rules should just pass all traffic to and from my external
> interface, but from all the pf documentation I've read, I can't find
> an example that seems to do this for me.
> 
> Can any experts lend a hand here? It seems like this should be
> dead easy to do, but like many things from the OpenBSD world, it does
> not seem so straightforward to me.
> 
> Thanks,
> 
> Patrick
>
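
Added example (not part of Patrick's messages): a small /bin/sh script that does the nightly capture described in the thread from "pfctl -sl" output. A few facts it relies on: "$srcaddr" and "$dstaddr" in a pf rule label are pf's own label macros, expanded when the ruleset loads, which is why the labels show up as the address in the output above; the columns in that output are label, evaluations, packets and bytes, and newer pf releases append further counter columns after those three; and "pfctl -z" clears per-rule statistics without reloading the ruleset, which is the proper way to zero the counters. The parser walks back over the trailing numeric fields to find where the label ends, because labels such as "x.x.x.x in" contain spaces. The sample "pfctl -sl" lines are constructed from the numbers quoted above, and the log file path is an assumption.

```sh
#!/bin/sh
# Added example, not from the original post: nightly pf label accounting.
# Handles the "pfctl -sl" format quoted in the thread (label, evaluations,
# packets, bytes); newer pf releases append more counter columns, which
# this parser tolerates by locating the label/counter boundary itself.

# Constructed sample of "pfctl -sl" output, copied from the numbers above.
SAMPLE_PFCTL_SL='x.x.x.x in 14363 7448 734450
x.x.x.x out 13810 6362 683319'

# parse_labels: stdin = pfctl -sl output, stdout = "label,evals,packets,bytes".
# Labels may contain spaces, so walk back from the end of the line over the
# purely numeric fields; what is left is the label. (A label whose last word
# is itself a bare number would be mis-split; avoid such labels.)
parse_labels() {
    awk 'NF < 4 { next }
    {
        n = NF
        while (n > 0 && $n ~ /^[0-9]+$/) n--
        label = $1
        for (i = 2; i <= n; i++) label = label " " $i
        printf "%s,%s,%s,%s\n", label, $(n + 1), $(n + 2), $(n + 3)
    }'
}

# total_bytes: sum of the bytes column over all labels on stdin.
total_bytes() {
    parse_labels | awk -F, '{ s += $4 } END { print s + 0 }'
}

# capture_and_zero: append timestamped records to the log file (assumed path),
# then clear the per-rule counters with "pfctl -z" instead of reloading pf.conf.
capture_and_zero() {
    logfile=${1:-/var/log/pf-accounting.csv}
    stamp=$(date +%Y-%m-%dT%H:%M:%S)
    pfctl -sl | parse_labels | sed "s/^/$stamp,/" >> "$logfile"
    pfctl -z
}

# Usage: "sh pfacct.sh nightly" on the firewall (e.g. from cron) does one
# capture+zero cycle; "sh pfacct.sh demo" parses the constructed sample offline.
case "${1:-}" in
    nightly) capture_and_zero ;;
    demo)
        printf '%s\n' "$SAMPLE_PFCTL_SL" | parse_labels
        printf '%s\n' "$SAMPLE_PFCTL_SL" | total_bytes
        ;;
esac
```

The records it writes are "timestamp,label,evaluations,packets,bytes", one line per label, so a day's traffic for an address is simply the bytes column for that label on that day's lines; summing the "in" and "out" rows gives the total the ipfw count rules used to provide.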

