From owner-freebsd-questions@FreeBSD.ORG  Mon Dec 19 04:19:11 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7FC0A16A41F
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Dec 2005 04:19:11 +0000 (GMT) (envelope-from parv@pair.com)
Received: from mta10.adelphia.net (mta10.adelphia.net [68.168.78.202])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D3D4D43D58
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Dec 2005 04:19:10 +0000 (GMT) (envelope-from parv@pair.com)
Received: from default.chvlva.adelphia.net ([68.67.248.52])
	by mta10.adelphia.net
	(InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP id
	<20051219041910.CUAK22124.mta10.adelphia.net@default.chvlva.adelphia.net>
	for <freebsd-questions@freebsd.org>; Sun, 18 Dec 2005 23:19:10 -0500
Received: by default.chvlva.adelphia.net (Postfix, from userid 1000)
	id BA858B5CB; Sun, 18 Dec 2005 23:19:14 -0500 (EST)
Date: Sun, 18 Dec 2005 23:19:14 -0500
From: Parv <parv@pair.com>
To: f-q <freebsd-questions@freebsd.org>
Message-ID: <20051219041914.GA2544@holestein.holy.cow>
Mail-Followup-To: f-q <freebsd-questions@freebsd.org>
References: <20051218213501.GA72282@holestein.holy.cow>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051218213501.GA72282@holestein.holy.cow>
Subject: Re: Compacting the "pf -v -s rules" output similar to "ipfstat
	-ionh"
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Dec 2005 04:19:11 -0000

in message <20051218213501.GA72282@holestein.holy.cow>,
wrote Parv thusly...
>
> Before i write it myself, has anybody got a already prepared way
> to compact the "pfctl -v -s rules" output ...
> 
>   pass in on lo0 all
>     [ Evaluations: 22188     Packets: 10925     Bytes: 8392463     States: 0     ]
>   pass out on lo0 all
>     [ Evaluations: 21850     Packets: 10925     Bytes: 8392463     States: 0     ]
...
> ... to something like ...
> 
>   22188 pass in on lo0 all
>   21850 pass out on lo0 all
...

I think i found /a solution/ in pflogd(8) man page via use of
tcpdump.  I just have to get used to pf way of doing things like use
of bpf device & use of tcpdump to view rules statistics i suppose.
Ugh! (but what else can i do if i will be using pf?)


  - Parv

--