Compacting the "pf -v -s rules" output similar to "ipfstat -ionh"
Frank Steinborn
frank at ircnow.org
Sun Dec 18 13:46:16 PST 2005
Parv wrote:
> I am currently trying pf instead of ipf; rules were brought over
> easily besides the user errors. I am still in the process of getting at
> ease w/ pf logging & statistics.
>
> Before I write it myself, has anybody got an already prepared way to
> compact the "pfctl -v -s rules" output ...
>
> pass in on lo0 all
> [ Evaluations: 22188 Packets: 10925 Bytes: 8392463 States: 0 ]
> pass out on lo0 all
> [ Evaluations: 21850 Packets: 10925 Bytes: 8392463 States: 0 ]
> block drop in on em0 all
> [ Evaluations: 22188 Packets: 6 Bytes: 360 States: 0 ]
> block drop in quick on em0 inet proto tcp from 192.168.2.0/24 to any port 137:139
> [ Evaluations: 19 Packets: 0 Bytes: 0 States: 0 ]
>
>
> ... to something like ...
>
> 22188 pass in on lo0 all
> 21850 pass out on lo0 all
> 22188 block drop in on em0 all
> 19 block drop in quick on em0 inet proto tcp from 192.168.2.0/24 to any port 137:139
Don't use -v, just pfctl -s rules. That, however, won't give you a
number of packets/bytes passed to the rules.
Frank
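
An added example, not part of the original thread and not code from either poster: one way to get the compact listing asked for while keeping the packet and byte counters that plain "pfctl -s rules" leaves out. The function names pf_compact and pf_sample are hypothetical, and the counter lines are assumed to follow the "[ Label: value ... ]" layout quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). pf_compact and pf_sample are
# hypothetical names. On a live system: pfctl -v -s rules | pf_compact

# Collapse each "rule + [ counters ]" pair into one line:
#   evaluations packets bytes  rule
pf_compact() {
    awk '
    /^[ \t]*\[/ {
        # Bracketed line. Skip it unless it carries Evaluations:
        # and a rule is waiting for its counters.
        if ($0 !~ /Evaluations:/ || rule == "") next
        ev = pk = by = "-"
        for (i = 1; i < NF; i++) {   # find values by label, not position
            if ($i == "Evaluations:") ev = $(i + 1)
            if ($i == "Packets:")     pk = $(i + 1)
            if ($i == "Bytes:")       by = $(i + 1)
        }
        printf "%8s %8s %10s  %s\n", ev, pk, by, rule
        rule = ""
        next
    }
    # Any other non-blank line is a rule; hold it until its counters arrive.
    NF { sub(/^[ \t]+/, ""); rule = $0 }
    '
}

# Sample input: the four rules quoted in the thread. The "[ Inserted: ... ]"
# line is constructed, to show that other bracketed lines are ignored.
pf_sample() {
    cat <<'EOF'
pass in on lo0 all
  [ Evaluations: 22188 Packets: 10925 Bytes: 8392463 States: 0 ]
  [ Inserted: uid 0 pid 100 ]
pass out on lo0 all
  [ Evaluations: 21850 Packets: 10925 Bytes: 8392463 States: 0 ]
block drop in on em0 all
  [ Evaluations: 22188 Packets: 6 Bytes: 360 States: 0 ]
block drop in quick on em0 inet proto tcp from 192.168.2.0/24 to any port 137:139
  [ Evaluations: 19 Packets: 0 Bytes: 0 States: 0 ]
EOF
}

pf_sample | pf_compact
```

Piping the result through "sort -rn" ranks the rules by evaluation count.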