OpenBSD's pf and traffic
Eugene M. Minkovskii
emin at mccme.ru
Sun Mar 20 23:13:18 PST 2005
On Sun, Mar 20, 2005 at 05:51:58PM +0100, Peter N. M. Hansteen wrote:
" "Eugene M. Minkovskii" <emin at mccme.ru> writes:
"
" > Does any body know, how can I use OpenBSD's pf (packet filter) for
" > determine total traffic volume on network interface? If it's
" > impossible, what facility you recommend me to do this?
"
" Various pfctl -s options (eg pfctl -s info) give you counters of bytes
" and packets passed or blocked. If you use labels in your pass rules,
" you'll get per label counters as well.
"
Thank you, Peter.
So now I can define rules like
block in log on $ext_ip inet from any to $ext_ip label $ext_ip
pass in on $ext_ip inet from any to $ext_ip port 22 keep state
As you can see, ssh packets match both rules and pass in because the
last rule wins. Does it mean that I can't see ssh's packets using the
command
# pfctl -sl
And if I use
block in log on $ext_ip inet from any to $ext_ip label $ext_ip
pass in on $ext_ip inet from any to $ext_ip port 22 keep state label $ext_ip
... I see the label twice?
Perhaps you know where I can find a workable example of this?
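An added example, not from this thread: when the same label is put on both the block rule and the pass rule, `pfctl -sl` prints one line per rule, so the label does appear twice and the per-label volume has to be summed. The script below does that with awk over a constructed sample of `pfctl -sl` output; it assumes the 8-column layout (label, evaluations, packets, bytes, packets in, bytes in, packets out, bytes out) and labels without whitespace.

```shell
#!/bin/sh
# Constructed sample of `pfctl -sl` output (not captured from a real host).
# Assumed column layout: label evals pkts bytes pkts_in bytes_in pkts_out bytes_out
# pfctl prints one line per rule, so a label shared by two rules shows up twice.
# A rule's counters only grow when it is the last matching rule (or when a
# state it created matches), which is why the block rule alone never sees ssh.
SAMPLE_PFCTL_SL='192.0.2.1 1200 300 24000 300 24000 0 0
192.0.2.1 900 150 81000 100 60000 50 21000
ssh 900 150 81000 100 60000 50 21000'

# Read `pfctl -sl` lines on stdin and print one summary line per label,
# adding up total, inbound and outbound bytes across every rule carrying it.
summarize_labels() {
    awk '
        NF >= 8 {
            total[$1] += $4
            inb[$1]   += $6
            outb[$1]  += $8
        }
        END {
            for (l in total)
                printf "%s total=%d in=%d out=%d\n", l, total[l], inb[l], outb[l]
        }' | sort
}

# Stand-alone run over the constructed sample; on a real box replace the
# printf with `pfctl -sl | summarize_labels` (root required).
demo() {
    printf '%s\n' "$SAMPLE_PFCTL_SL" | summarize_labels
}

demo
```

Each label is reported once, so the doubled label in the question becomes a single combined volume for that address.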
--
Sensory yours, Eugene Minkovskii
Сенсорно ваш, Евгений Миньковский