Rule last match timestamp
Franco Fichtner
franco at lastsummer.de
Fri Dec 27 20:49:51 UTC 2019
Hi,
> On 27. Dec 2019, at 6:45 PM, Kristof Provost <kristof at sigsegv.be> wrote:
>
> What are you trying to accomplish?
Some people believe that "last match" is a great metric to audit rules for
intrusion detection and all sorts of ruleset optimisation and refinement.
In OPNsense the question has popped up a few times to support it, but without
doing it in pf(4) directly it makes little sense as you'd have to crawl pflog
output and even then you can't crawl non-log rules this way...
Cheers,
Franco
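
The pflog-crawling workaround mentioned in the message above, as an added example that is not part of the original post or of OPNsense/pf code: it derives a per-rule "last match" from `tcpdump -n -e -tttt` style pflog lines and shows that rules without `log` yield no data. The line format, the sample records and the six-rule ruleset are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the style of `tcpdump -n -e -tttt -r <pflog file>` output
# (assumed format; addresses are documentation ranges, not from the post).
SAMPLE = """\
2019-12-27 18:01:12.104233 rule 3/0(match): block in on em0: 203.0.113.7.51514 > 192.0.2.10.22: Flags [S], length 0
2019-12-27 18:45:09.550121 rule 5/0(match): pass in on em0: 198.51.100.4.40112 > 192.0.2.10.443: Flags [S], length 0
2019-12-27 20:49:51.000412 rule 3/0(match): block in on em0: 203.0.113.9.40000 > 192.0.2.10.23: Flags [S], length 0
garbage line that is not a pflog record
"""

# Timestamp, then the rule number that logged the packet.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) rule (\d+)/\d+\(match\)"
)


def last_match(lines):
    """Return {rule_number: datetime of the newest logged match}."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a pflog record
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        rule = int(m.group(2))
        if rule not in seen or ts > seen[rule]:
            seen[rule] = ts
    return seen


def audit(rule_numbers, lines):
    """Map every rule to its last match, or None when pflog never saw it."""
    seen = last_match(lines)
    return {r: seen.get(r) for r in rule_numbers}


if __name__ == "__main__":
    # Hypothetical ruleset: rules 0-5, of which only 3 and 5 carry `log`.
    for rule, ts in audit(range(6), SAMPLE.splitlines()).items():
        # None is ambiguous: the rule never matched, or it simply does not log.
        print(rule, ts.isoformat() if ts else "no pflog data")
```

A `None` result cannot distinguish an unused rule from a busy rule that lacks `log`, which is the gap a timestamp kept in pf(4) itself would close.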