Date: Sat, 15 Jan 2005 18:23:37 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: How to determine "hits" on rules Message-ID: <200501151823.45078.max@love2party.net> In-Reply-To: <41E8B102.20706@forrie.com> References: <41E8B102.20706@forrie.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1791697.6OMcbFaPMA Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 15 January 2005 06:58, Forrest Aldrich wrote: > I'm migrating one of my systems to PF from IPFW. > > In so doing and planning, I've reviewed the manpages and some online > literature. > > I've become dependent upon "ipfw -t" to determine hits on various spam > rules I've implemented - some of them large lists of /24's. > > I've not been able to determine that there is an equivalent in PF - > though I imagine there must be some method to accomplish this. > > I'd appreciate if someone could help point in the right direction. On Wednesday 12 January 2005 17:13, I wrote: > No, there is no such functionality. In fact, we don't even store such da= ta > in the rules. For rules that create state, you can check the output of > "$pfctl -vvss" for the newest state for a certain rule. For rules that do > logging, you can check /var/log/pflog for the last packet logged. > > I don't really see the point in this information. Why do you want to know > this? Can you explain a bit - it's certainly not difficult to implement. In any case: "pfctl -vsr" will give you counters on each rule. If you use a table to store the spammer-addresses, you might find: "pfctl=20 =2DvvTshow -t table_name" interesting. Check: http://www.benzedrine.cx/relaydb.html for a step-by-step tutorial, h= ow=20 to deal with spammers with the help of pf. This might give you some ideas. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1791697.6OMcbFaPMA Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBB6VGgXyyEoT62BG0RAsPhAJ98F4R7ILyOpJM1rfgILPcPPW9uKQCdGZcQ P6B54jXUBkua73dxx/vohIc= =ntxA -----END PGP SIGNATURE----- --nextPart1791697.6OMcbFaPMA--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200501151823.45078.max>