From owner-freebsd-pf@FreeBSD.ORG Wed Jan 12 16:13:28 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8390E16A4CE for ; Wed, 12 Jan 2005 16:13:28 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22C1943D2F for ; Wed, 12 Jan 2005 16:13:28 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.155] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1Col7b-0001wD-00; Wed, 12 Jan 2005 17:13:23 +0100 Received: from [217.227.150.54] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1Col7a-0001j7-00; Wed, 12 Jan 2005 17:13:23 +0100 From: Max Laier To: freebsd-pf@freebsd.org Date: Wed, 12 Jan 2005 17:13:07 +0100 User-Agent: KMail/1.7.2 References: <41E34BA2.5060404@forrie.com> In-Reply-To: <41E34BA2.5060404@forrie.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2474564.Zk18hZCn0v"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200501121713.17588.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 Subject: Re: Timestamp on packets? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Jan 2005 16:13:28 -0000 --nextPart2474564.Zk18hZCn0v Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 11 January 2005 04:44, Forrest Aldrich wrote: > After reading through the manpage for pfctl, I wonder if there's a > mechanism/equivalent for PF that shows the timestamp of the last "hit" > on a rule... similar to "ipfw -t"...? No, there is no such functionality. In fact, we don't even store such data= in=20 the rules. For rules that create state, you can check the output of "$pfct= l=20 =2Dvvss" for the newest state for a certain rule. For rules that do loggin= g,=20 you can check /var/log/pflog for the last packet logged. I don't really see the point in this information. Why do you want to know= =20 this? Can you explain a bit - it's certainly not difficult to implement. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2474564.Zk18hZCn0v Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBB5UydXyyEoT62BG0RAkSPAJwLhiULtjaV54R4dNHM4y3TqHgfEgCfU9+1 VK1qXjsmpZ/fd2jSuyDR52E= =VrsV -----END PGP SIGNATURE----- --nextPart2474564.Zk18hZCn0v--