Re: PF Statistics
- Reply: Doug Hardie : "Re: PF Statistics"
- In reply to: Kevin Oberman : "Re: PF Statistics"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 15 Aug 2025 06:56:47 UTC
On 14/08/2025 21:03, Kevin Oberman wrote:
> On Wed, Aug 13, 2025 at 11:06 PM Doug Hardie <bc979@lafn.org
> <mailto:bc979@lafn.org>> wrote:
>
> > On Jun 15, 2025, at 09:36, Doug Hardie <bc979@lafn.org
> <mailto:bc979@lafn.org>> wrote:
> >
> > I have been running pftop for several days. Some of the PKTS
> counts were non-zero yestarday. Today they are zero. The others
> appear to be reasonable, as in not cleared recently. Table
> statistics include the date/time when the numbers were last
> cleared. I could not find anything similar for rules. For example
> I have a block of anything coming in on the telnet port. Last night
> it showed 290 PKTS. Today it shows zero. Is there something in pf
> that periodically clears the statistics? I couldn't find anything
> in the documentation that addresses this. Thanks,
> >
> >
> > Update: today it appears that all of the PKTS counts were cleared.
>
> After a lot of testing, I have found that the counters are cleared
> daily between 0301 and 0302. I am not finding any cron activations
> in that timeframe that appear to affect pf. Is this clearing built
> into pf?
>
> -- Doug
>
>
> Have you looked at periodic(8)? By default the daily runs at 0300 pluss
> or minus a fuzz value
/etc/periodic/security/520.pfdenied, line 46:
pfctl -a "${_a}" -sr -v -z 2>/dev/null | \
That -z clears statistics.
--
We should have listened when the modems screamed at us.