Date: Fri, 20 Apr 2007 09:13:57 -0700 From: snowcrash <schneecrash+pf@gmail.com> To: "Max Laier" <max@love2party.net> Cc: freebsd-pf@freebsd.org Subject: Re: displaying rule labels in pf logs Message-ID: <70f41ba20704200913j47b918c1k9032f13abe2111da@mail.gmail.com> In-Reply-To: <200704201738.10315.max@love2party.net> References: <70f41ba20704191637r3b615497ga13ebfa885db180c@mail.gmail.com> <200704201738.10315.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
hi max, > A small awk/perl/python/ruby/...-filter should get you running. Simply > suck in "pfctl -vvsr" output and build an associative array rule# -> > label and then just search and replace. that's an alternative. i'll have to figure out how with which script lang (for lowest overhead on an embedded box ...). thanks. > > is there an existing 'native' option to do so already 'in' pf+tcpdump? > > No there isn't - and I don't think we will implement it either. The > information can easily be obtained if the corresponding ruleset is > available and copying 64 byte additional information is a significant > overhead. As variable size headers are somewhat tricky, I'm afraid this > is a no-go - sorry. shame. i certainly can't speak to the performance/tech issue you raise, but, this (human-readable labels in my logs) is one of the very few things i *do* miss from the 'old' iptables-based solutions i migrated away from ... the script should be an alternative. thanks again.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?70f41ba20704200913j47b918c1k9032f13abe2111da>