displaying rule labels in pf logs
snowcrash
schneecrash+pf at gmail.com
Fri Apr 20 16:14:03 UTC 2007
hi max,
> A small awk/perl/python/ruby/...-filter should get you running. Simply
> suck in "pfctl -vvsr" output and build an associative array rule# ->
> label and then just search and replace.
that's an alternative. i'll have to figure out how with which script
lang (for lowest overhead on an embedded box ...).
thanks.
> > is there an existing 'native' option to do so already 'in' pf+tcpdump?
>
> No there isn't - and I don't think we will implement it either. The
> information can easily be obtained if the corresponding ruleset is
> available and copying 64 byte additional information is a significant
> overhead. As variable size headers are somewhat tricky, I'm afraid this
> is a no-go - sorry.
shame. i certainly can't speak to the performance/tech issue you
raise, but, this (human-readable labels in my logs) is one of the very
few things i *do* miss from the 'old' iptables-based solutions i
migrated away from ...
the script should be an alternative.
thanks again.
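
The filter suggested in the quoted reply, as an added example that is not part of the original thread or of pf itself: it builds a rule number to label map from `pfctl -vvsr` output and rewrites the `rule N/` field of pflog lines printed by tcpdump. The sample ruleset, the sample log lines, and the `rule N[label]/` output format are constructed assumptions.

```python
import re

# Constructed sample of `pfctl -vvsr` output (assumption, not from the thread).
SAMPLE_RULES = '''\
@0 scrub in all fragment reassemble
  [ Evaluations: 5120  Packets: 2210  Bytes: 0  States: 0 ]
@1 block drop in log all label "default-deny"
  [ Evaluations: 5120  Packets: 14  Bytes: 840  States: 0 ]
@2 pass in log on em0 proto tcp from any to any port = ssh keep state label "ssh-in"
@3 pass out log all keep state
'''

# Constructed sample of `tcpdump -n -e -i pflog0` lines (assumption).
SAMPLE_LOG = [
    'rule 1/0(match): block in on em0: 203.0.113.9.4431 > 192.0.2.1.23: S',
    'rule 3/0(match): pass out on em0: 192.0.2.1.123 > 198.51.100.7.123: UDP',
    'rule 4.ftp-proxy.0/0(match): pass in on em0: 203.0.113.9.21 > 192.0.2.1.4000: S',
]

RULE_LINE = re.compile(r'^@(\d+)\s+(.*)$')      # "@<number> <rule text>"
LABEL = re.compile(r'\blabel\s+"([^"]*)"')      # label "<text>" inside the rule
LOG_RULE = re.compile(r'\brule (\d+)/')         # main-ruleset rules only

def build_label_map(pfctl_output):
    """Return {rule number: label} for every labelled rule."""
    labels = {}
    for line in pfctl_output.splitlines():
        m = RULE_LINE.match(line)
        if not m:
            continue                            # counter lines, blank lines
        lab = LABEL.search(m.group(2))
        if lab:
            labels[int(m.group(1))] = lab.group(1)
    return labels

def annotate(line, labels):
    """Insert the label after the rule number; unknown rules pass through."""
    def repl(m):
        label = labels.get(int(m.group(1)))
        return m.group(0) if label is None else 'rule %s[%s]/' % (m.group(1), label)
    # count=1: only the pflog header field is rewritten, never later text
    # on the line that happens to look like "rule N/".
    return LOG_RULE.sub(repl, line, count=1)

if __name__ == '__main__':
    labels = build_label_map(SAMPLE_RULES)
    for entry in SAMPLE_LOG:
        print(annotate(entry, labels))
```

Rule numbers change when the ruleset is reloaded, so the map has to be built from the ruleset that was loaded when the log entries were written; rules inside anchors are left unannotated here.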