How to tell if IPF is running?

[Erik Norgaard]

Peter wrote:
> --- Erik Norgaard <norgaard at locolomo.org> wrote:
> 
>> Gable Barber wrote:
>>> On 1/18/06, Peter <petermatulis at yahoo.ca> wrote:
>>>> Switch over to pf.
>>>>
>>> Why do you suggest PF over IPF?
>>>
>>> Hope I am not starting a war here.. but I am genuinely interested in
>> the
>>> opinions.
>> I used IPF on FBSD until there was some bug in IPF for 5.x some version 
>> that forced me to switch after an upgrade. The bug has been fixed since 
>> but I have found no reason to go back.
>>
>> There are two things I miss from IPF:
>>
>> a) proper accounting: You can't count traffic correctly with stateful 
>> filtering on pf, pf will count when a rule is matched but once a state 
>> is established packets for that state are not matched and hence not
>> counted.
> 
> That's not true.

Hi Peter, it would be quite useful if you would contribute with 
knowledge instead of empty claims. And if you don't care to explain in 
verbose mode, at least provide a link to where the knowledge is found.
If I am wrong, I'd like to learn the solution.

I need host based counting that distinguish up- and download. AFAIK this 
means I can't use tables and hence I have to reload the entire ruleset 
to add or remove a host. This is quite annoying compared to IPF where I 
can load or delete a single rule from the active ruleset - and thanks to 
groups, I can make sure a rule get inserted the right place.

And, I still don't know the easy solution to get the numbers out.

Of course there is a point in PF, namely that there is just one ruleset 
whereas in IPF filtering and accounting rules are separate.

Cheers, Erik