On 04/15/2014 09:51 PM, Stefan Sieg wrote:
Hello,
With the already mentioned netflow solution you will not see connections
that have not expired. So you will not see "long-lived" connections like VPN or
SSH in your statistics on the appointed date.
Maybe pf labels are for you ...
lan = "{ 192.168.5.1, 192.168.5.2, .... }"
match out on $ext_if inet proto tcp to any received-on $int_if nat-to $ext_if
# the list in $lan expands to one rule per address, so $srcaddr becomes that address
pass in on $int_if inet proto tcp from $lan to any label "$srcaddr" \
    tag LAN-INET
pass out on $ext_if tagged LAN-INET
With "pfctl -s labels" you will get this (the numbers are explained in the manpage)
192.168.5.1 57 0 0 0 0 0 0 0
192.168.5.2 37 0 0 0 0 0 0 0
....
....
192.168.5.37 37 1950 1318232 1094 1215437 856 102795 37
....
"pfctl -z" clears the per rule statistics
Greetings
Stefan
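To turn that output into per-host accounting you need to parse it, and, because pf expands every list in a rule (addresses, ports) into several rules carrying the same label, rows with the same label have to be summed. The following is an added example, not code from the thread: it parses `pfctl -s labels` lines in the column order documented in pfctl(8) (label, evaluations, packets total, bytes total, packets in, bytes in, packets out, bytes out, state creations), sums repeated labels, and checks that the in/out counters add up to the totals. The sample input is constructed from the numbers posted in this thread.

```python
"""Added example (not from the thread): parse `pfctl -s labels` output into
per-label counters, summing repeated labels, and sanity-check the totals."""
from collections import OrderedDict

# Column order from pfctl(8) for `-s labels` (after the label itself).
FIELDS = ("evals", "pkts", "bytes", "pkts_in", "bytes_in",
          "pkts_out", "bytes_out", "states")

# Constructed sample: rows copied from the thread's output. The repeated
# <lan> rows are what a port list in one rule produces (one rule per port).
SAMPLE = """\
192.168.5.1 57 0 0 0 0 0 0 0
192.168.5.37 37 1950 1318232 1094 1215437 856 102795 37
<admin> 3055 97 5125 49 2437 48 2688 17
<lan> 1315 0 0 0 0 0 0 0
<lan> 1315 3 152 3 152 0 0 1
<lan> 1315 74292 60498330 28705 5930177 45587 54568153 595
<lan> 1315 14227 3446348 7315 919595 6912 2526753 371
"""


def parse_labels(text):
    """Return {label: {field: int}}. Rows sharing a label are summed, so the
    'evals' column of a summed row counts rule evaluations, not packets."""
    totals = OrderedDict()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 1 + len(FIELDS):
            continue  # blank line or something that is not a label row
        label = parts[0]
        row = dict(zip(FIELDS, (int(x) for x in parts[1:])))
        acc = totals.setdefault(label, dict.fromkeys(FIELDS, 0))
        for field in FIELDS:
            acc[field] += row[field]
    return totals


def consistent(row):
    """pf keeps in and out counters separately; the totals must be their sum.
    A mismatch means the parse (or a copy of the output) is corrupt."""
    return (row["pkts"] == row["pkts_in"] + row["pkts_out"]
            and row["bytes"] == row["bytes_in"] + row["bytes_out"])


def report(text):
    """One summary line per label, flagging rows whose counters do not add up."""
    lines = []
    for label, r in parse_labels(text).items():
        flag = "" if consistent(r) else "  (counters inconsistent)"
        lines.append(f"{label:16} in {r['bytes_in']:>11} B  out "
                     f"{r['bytes_out']:>11} B  states {r['states']}{flag}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Because "pfctl -z" resets the per-rule counters, a periodic collector should read the output and zero the counters in the same run; otherwise the values keep growing since the last reset rather than per interval.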
Thanks for sharing this simple example.
Is it true that I need to use lists/macros
(and define all IPs from my /24 LAN there) in the _from_ statement?
Because when I use tables:
table <admin> { 192.168.5.1, 192.168.5.20 }
table <lan> { 192.168.5.0/24 }
pass in on $int_if inet from <admin> to any label "$srcaddr" \
    queue (manager, ack)
pass in on $int_if inet proto tcp from <lan> to any port $portstuff \
    label "$srcaddr" queue (bulk, ack)
I got:
# pfctl -s labels
<admin> 3055 97 5125 49 2437 48 2688 17
<lan> 1315 0 0 0 0 0 0 0
<lan> 1315 0 0 0 0 0 0 0
<lan> 1315 0 0 0 0 0 0 0
<lan> 1315 3 152 3 152 0 0 1
<lan> 1315 0 0 0 0 0 0 0
<lan> 1315 0 0 0 0 0 0 0
<lan> 1315 0 0 0 0 0 0 0
<lan> 1315 74292 60498330 28705 5930177 45587 54568153 595
<lan> 1315 14227 3446348 7315 919595 6912 2526753 371
<lan> 1315 0 0 0 0 0 0 0
<lan> 1315 0 0 0 0 0 0 0
<lan> 1315 0 0 0 0 0 0 0
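The output above shows why a table does not give per-host labels: the label macro `$srcaddr` is expanded when the ruleset is loaded, once per rule, and a rule whose source is a table stays a single rule, so the label is the literal text "<lan>". The repeated "<lan>" rows come from the port list in `$portstuff`, which does expand into one rule per port. A list of addresses in a macro, by contrast, expands into one rule per address, which is what produces per-host labels. The following is an added example, not code from the thread: it generates those per-host rules for a whole /24 from the CIDR, so nobody has to hand-list 254 addresses. The interface macros, the tag name and the optional list of excluded addresses are placeholders.

```python
"""Added example (not from the thread): emit one pf pass rule per host of a
prefix so every host gets its own label for `pfctl -s labels` accounting."""
import ipaddress


def host_rules(cidr, int_if="$int_if", tag="LAN-INET", exclude=()):
    """Return pf.conf lines with a per-host label for every host address in
    cidr. A table rule would yield the single label "<tablename>" because
    $srcaddr is expanded per rule at load time and a table rule is one rule.
    Addresses in `exclude` (e.g. the firewall's own LAN address) are skipped."""
    net = ipaddress.ip_network(cidr, strict=True)
    skip = {ipaddress.ip_address(a) for a in exclude}
    rules = []
    for host in net.hosts():
        if host in skip:
            continue
        # The label is written out explicitly; it is what "$srcaddr" would
        # have expanded to for a one-address rule.
        rules.append(f'pass in on {int_if} inet proto tcp from {host} '
                     f'to any label "{host}" tag {tag}')
    return rules


def ruleset(cidr, int_if="$int_if", ext_if="$ext_if", tag="LAN-INET",
            exclude=()):
    """Full fragment in the shape of the thread's example: NAT match rule,
    per-host pass rules, and the tagged pass out on the external interface."""
    lines = [f"match out on {ext_if} inet proto tcp to any "
             f"received-on {int_if} nat-to {ext_if}"]
    lines += host_rules(cidr, int_if=int_if, tag=tag, exclude=exclude)
    lines.append(f"pass out on {ext_if} tagged {tag}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Placeholder prefix and excluded gateway address; adjust to your LAN.
    print(ruleset("192.168.5.0/24", exclude=["192.168.5.254"]))
```

Write the generated fragment into pf.conf (or `include` it) and check it with `pfctl -nf /etc/pf.conf` before loading; 254 extra rules are evaluated in order, so put this block after any quick-match rules that handle the bulk of traffic.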