On Tue, 6 Nov 2007 Eric F Crist <[EMAIL PROTECTED]> wrote:
 > So, everything I've read says that ipfw show displays rule number,  
 > packets caught, bytes matched, and rule.  The problem I'm having is  
 > that it seems that the bytes, at least on some rules, is way out of  
 > whack.  I'm capturing this data for cacti, and trying to display  
 > accumulated ipfw traffic.
 > If I zero my counters and download a file via FTP, the downloaded  
 > sizes don't even compare.  61MB into the download, if I convert the  
 > ipfw show from the supposed bytes into MB, it says I've downloaded  
 > 155MB.

Catching up on a few days' digests, and seeing no one else having a go:

It helps to show rather than tell about your rules, but I'll guess that
you're not distinguishing between inbound and outbound traffic, i.e. your
rules are counting packets both on the way in (pass 1) and out (pass 2).

Eg allowing traffic using 'via' (qualified neither by 'in' nor 'out') 
allows (so, counts) a packet on both passes .. as may stateful rules.

Separate counts before allowing traffic can be best for accounting, eg

 add $n1 count ip from $outthere to $inhere in recv $some_if
 add $n2 count ip from $inhere to $outthere out xmit $some_if
 add allow $whatever ..

HTH, Ian
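
Added example, not part of the original message: one way to turn the two separate `count` rules suggested above into per-direction byte values for cacti, reading `ipfw show` output. The rule numbers 1000 and 1010, the interface em0, the addresses and the sample counters are constructed stand-ins for `$n1`, `$n2`, `$some_if`, `$inhere` and `$outthere`.

```shell
#!/bin/sh
# Constructed sample of `ipfw show` output: rule number, packets, bytes, rule.
# The byte values are invented for illustration.
sample_show() {
cat <<'EOF'
01000  45210 64012345 count ip from any to 192.0.2.0/24 in recv em0
01010  23105  1250000 count ip from 192.0.2.0/24 to any out xmit em0
02000  68315 65262345 allow ip from any to any via em0
65535      0        0 deny ip from any to any
EOF
}

# rule_bytes N: sum the byte column (field 3) of every line whose rule
# number is N. ipfw allows several rules under one number, so sum them.
# "$1 + 0" strips the leading zeros ipfw prints; %.0f avoids integer
# clamping of large counters in some awk implementations.
rule_bytes() {
    awk -v n="$1" '$1 + 0 == n + 0 { b += $3 } END { printf "%.0f\n", b }'
}

# cacti_line IN_RULE OUT_RULE: read `ipfw show` output on stdin and emit
# space-separated name:value pairs, the form a cacti script data source reads.
cacti_line() {
    show=$(cat)
    in_b=$(printf '%s\n' "$show" | rule_bytes "$1")
    out_b=$(printf '%s\n' "$show" | rule_bytes "$2")
    printf 'in_bytes:%s out_bytes:%s\n' "$in_b" "$out_b"
}

# On the firewall itself:  ipfw show | cacti_line 1000 1010
# Here, against the constructed sample. Note that the unqualified 'via'
# rule (2000) carries one counter for both directions combined, which is
# why graphing it does not match the size of a download.
sample_show | cacti_line 1000 1010
```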
