Date:      Mon, 14 Feb 2005 14:25:53 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-net@freebsd.org
Cc:        David Gilbert <dgilbert@dclg.ca>
Subject:   Re: altq for vlans?
Message-ID:  <200502141426.01067.max@love2party.net>
In-Reply-To: <20050214094353.GX82324@obiwan.tataz.chchile.org>
References:  <16911.51264.86063.604597@canoe.dclg.ca> <16912.11613.216501.589279@canoe.dclg.ca> <20050214094353.GX82324@obiwan.tataz.chchile.org>

On Monday 14 February 2005 10:43, Jeremie Le Hen wrote:
> > Anyways, the _real_ problem is that traditionally, I'd used firewall
> > rules for accounting as well as security.  To that end, labels are
> > very cool.  However, they have one rather large defect:
> >
> > If you're dealing with keep state rules, there seems to be no obvious
> > way to account for incoming vs. outgoing traffic.  The label only
> > reports total traffic for the state matching the rule... which is both
> > in and out.
>
> This is a workaround, but I found that ipfw's count rules are pretty
> useful for this purpose.  This would however add processing overhead
> for each packet especially using gigabit Ethernet.

Did you try to use tables?  I think it's one of the best tools for easy accounting.

$pfctl -vvT show -t test
   192.168.0.1
        Cleared:     Mon Feb 14 14:19:39 2005
        In/Block:    [ Packets: 0                  Bytes: 0                  ]
        In/Pass:     [ Packets: 2                  Bytes: 168                ]
        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
        Out/Pass:    [ Packets: 2                  Bytes: 168                ]

It does count everything on stateful rules and it's easy to monitor subnets and whatnot.  See the various manual pages and the OpenBSD FAQ for more about tables.  You might also want to have a look at pfflowd from ports, which is able to translate pfsync messages into flows for accounting purposes.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
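The point of the reply above is that per-address table counters, unlike a label on a stateful rule, already separate inbound from outbound traffic. The following script is an added example, not code from the mail or from the pf project: it parses the text that `pfctl -vvT show -t <table>` prints (the first entry is the one shown in the mail, the second entry is a constructed sample) and reduces it to an in/out byte count per address. It assumes the counters have been enabled for the table with the `counters` keyword in pf.conf (`table <test> counters { ... }`), since a table without it prints no counter lines. The `In/Match` and `Out/Match` lines accepted by the regex are not in the mail's output; newer pf versions print them and the parser tolerates them.

```python
# Added example (not from the original mail): parse the output of
# `pfctl -vvT show -t <table>` into per-address in/out counters.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: first entry copied from the mail, second entry made up.
SAMPLE = """\
   192.168.0.1
        Cleared:     Mon Feb 14 14:19:39 2005
        In/Block:    [ Packets: 0                  Bytes: 0                  ]
        In/Pass:     [ Packets: 2                  Bytes: 168                ]
        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
        Out/Pass:    [ Packets: 2                  Bytes: 168                ]
   10.0.0.0/24
        Cleared:     Mon Feb 14 14:19:39 2005
        In/Block:    [ Packets: 3                  Bytes: 240                ]
        In/Pass:     [ Packets: 10                 Bytes: 5120               ]
        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
        Out/Pass:    [ Packets: 7                  Bytes: 980                ]
"""

# One table entry: optional "!" negation, IPv4/IPv6 address, optional prefix length.
ADDR_RE = re.compile(r"^\s*(!?[0-9A-Fa-f:.]+(?:/\d+)?)\s*$")
# A counter line, e.g. "In/Pass:     [ Packets: 2    Bytes: 168    ]".
# "Match" is accepted as well because newer pf versions print In/Match and Out/Match.
COUNTER_RE = re.compile(
    r"^\s*(In|Out)/(Block|Pass|Match):\s*\[\s*Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s*\]"
)
CLEARED_RE = re.compile(r"^\s*Cleared:\s*(.+?)\s*$")


@dataclass
class Counters:
    packets: int = 0
    bytes: int = 0


@dataclass
class Entry:
    address: str
    cleared: Optional[str] = None
    # keyed by "In/Pass", "Out/Block", ... exactly as pfctl prints them
    counters: Dict[str, Counters] = field(default_factory=dict)

    def bytes_passed(self, direction: str) -> int:
        """Bytes that passed in the given direction ("In" or "Out")."""
        c = self.counters.get(f"{direction}/Pass")
        return c.bytes if c else 0


def parse_pfctl_table(text: str) -> List[Entry]:
    """Turn `pfctl -vvT show` text into a list of Entry objects, in print order."""
    entries: List[Entry] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADDR_RE.match(line)
        if m:
            entries.append(Entry(address=m.group(1)))
            continue
        if not entries:
            raise ValueError(f"counter line before any address: {line!r}")
        m = CLEARED_RE.match(line)
        if m:
            entries[-1].cleared = m.group(1)
            continue
        m = COUNTER_RE.match(line)
        if m:
            direction, verdict, pkts, byts = m.groups()
            entries[-1].counters[f"{direction}/{verdict}"] = Counters(int(pkts), int(byts))
            continue
        raise ValueError(f"unrecognised pfctl line: {line!r}")
    return entries


def accounting_rows(entries: List[Entry]) -> List[Tuple[str, int, int]]:
    """(address, bytes passed in, bytes passed out) per table entry: the
    split that a label on a stateful rule does not give you."""
    return [(e.address, e.bytes_passed("In"), e.bytes_passed("Out")) for e in entries]


if __name__ == "__main__":
    for addr, b_in, b_out in accounting_rows(parse_pfctl_table(SAMPLE)):
        print(f"{addr:<20} in={b_in:>8} out={b_out:>8}")
```

In practice you would feed the script with the live output (`pfctl -vvT show -t test | python3 pftable.py`, reading stdin instead of SAMPLE) from cron and append the rows to whatever accounting store you use; because the counters are cumulative since the last `Cleared:` time, a collector must either diff successive samples or run `pfctl -T zero` after each read.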
