hi max,
A small awk/perl/python/ruby/...-filter should get you running. Simply suck in "pfctl -vvsr" output and build an associative array rule# -> label and then just search and replace.
that's an alternative. i'll have to figure out how with which script lang (for lowest overhead on an embedded box ...). thanks.
> is there an existing 'native' option to do so already 'in' pf+tcpdump? No there isn't - and I don't think we will implement it either. The information can easily be obtained if the corresponding ruleset is available and copying 64 byte additional information is a significant overhead. As variable size headers are somewhat tricky, I'm afraid this is a no-go - sorry.
shame. i certainly can't speak to the performance/tech issue you raise, but, this (human-readable labels in my logs) is one of the very few things i *do* miss from the 'old' iptables-based solutions i migrated away from ... the script should be an alternative. thanks again. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
