https://man.openbsd.org/pflow.4
On Wed, Mar 28, 2018 at 4:03 PM, 3 <ba...@yandex.ru> wrote:
> > On 03/28/18 15:04, 3 wrote:
> >> hi guys. when the pflow option first appeared, i was surprised by the
> >> stupidity of those who implemented it- pflow could not be specified
> >> for block-rules, i.e. dropped packets were not taken into account. as
> >
> > hm. you've suffered nine years of this stupidity of others but have not
> > been able to add labels to your block rules?
> >
> > Just as an experiment I added labels to the block rules on my
> > most-easily-reachable-from-here gateway, as in
> >
> > block log (all) label blockgen
> > block drop log (all) quick from <portalbrutes> label portalbrutes
> > block drop log (all) quick from <abusives> label abusives
> > block drop log (all) quick from <webtrash> label webtrash
> > block drop log (all) quick from <bruteforce> label bruteforce
> >
> > block drop log (all) quick from <longterm> label longterm
> > block in log (all) on ! lo0 proto tcp to port 6000:6010 label remotex11
> >
> > and voila, pfctl -sl gives me after a few minutes
> >
> > [Wed Mar 28 16:15:29] peter@skapet:~$ sudo pfctl -vsl
> > blockgen 3739 452 19856 448 19664 4 192 0
> > portalbrutes 3739 0 0 0 0 0 0 0
> > abusives 3739 301 14681 301 14681 0 0 0
> > webtrash 3438 0 0 0 0 0 0 0
> > bruteforce 3438 0 0 0 0 0 0 0
> > longterm 3438 0 0 0 0 0 0 0
> > remotex11 3438 0 0 0 0 0 0 0
> >
> > man pf.conf is your friend, please consult there before letting
> > resentment stew for years next time, huh?
>
> maybe im so dumb and blind to see pflow here.. and maybe deal not in
> me. where is pflow?
>
> --

--
---------------------------------------------------------------------------------------------------------------------
Knowing is not enough; we must apply. Willing is not enough; we must do
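Added example, not part of the thread: a small filter that turns the `pfctl -vsl` label counters quoted above into a per-label total of blocked packets and bytes. The function names `label_hits` and `sample_output` are hypothetical; the column order is the one pfctl(8) documents for `-s labels` (label, evaluations, packets, bytes, packets in, bytes in, packets out, bytes out, state creations), and the sample reuses three lines from the thread plus one constructed line.

```shell
#!/bin/sh
# label_hits: read `pfctl -vsl` output on stdin and print
# "label<TAB>packets<TAB>bytes" for every label that matched at least
# one packet, busiest label first. pf can expand one pf.conf rule into
# several loaded rules that share a label, so counters are summed.
label_hits() {
    awk '
    NF >= 9 {
        # The last 8 fields are counters; the label is everything before them
        n = NF - 8
        label = $1
        for (i = 2; i <= n; i++) label = label " " $i
        pkts[label]  += $(n + 2)   # total packets
        bytes[label] += $(n + 3)   # total bytes
    }
    END {
        for (l in pkts)
            if (pkts[l] > 0) printf "%s\t%d\t%d\n", l, pkts[l], bytes[l]
    }' | sort -t "$(printf '\t')" -k2,2nr
}

# sample_output: first three lines are from the thread; the last line is
# constructed to stand in for a second expanded rule with the same label.
sample_output() {
    cat <<'EOF'
blockgen 3739 452 19856 448 19664 4 192 0
portalbrutes 3739 0 0 0 0 0 0 0
abusives 3739 301 14681 301 14681 0 0 0
abusives 3739 10 480 10 480 0 0 0
EOF
}

# On a live gateway: pfctl -vsl | label_hits
sample_output | label_hits
```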