> 3(ba...@yandex.ru) on 2018.03.28 23:03:27 +0300:
>> > On 03/28/18 15:04, 3 wrote:
>> >> hi guys. when the pflow option first appeared, i was surprised by the
>> >> stupidity of those who implemented it- pflow could not be specified
>> >> for block-rules, i.e. dropped packets were not taken into account. as
>> 
>> > hm. you've suffered nine years of this stupidity of others but have not
>> > been able to add labels to your block rules?
>> 
>> > Just as an experiment I added labels to the block rules on my
>> > most-easily-reachable-from-here gateway, as in
>> 
>> > block log (all) label blockgen
>> > block drop log (all) quick from <portalbrutes> label portalbrutes
>> > block drop log (all) quick from <abusives> label abusives
>> > block drop log (all) quick from <webtrash> label webtrash
>> > block drop log (all) quick from <bruteforce> label bruteforce
>> 
>> > block drop log (all) quick from <longterm> label longterm
>> > block in log (all) on ! lo0 proto tcp to port 6000:6010 label remotex11
>> 
>> > and voila, pfctl -sl gives me after a few minutes
>> 
>> > [Wed Mar 28 16:15:29] peter@skapet:~$ sudo pfctl -vsl
>> > blockgen 3739 452 19856 448 19664 4 192 0
>> > portalbrutes 3739 0 0 0 0 0 0 0
>> > abusives 3739 301 14681 301 14681 0 0 0
>> > webtrash 3438 0 0 0 0 0 0 0
>> > bruteforce 3438 0 0 0 0 0 0 0
>> > longterm 3438 0 0 0 0 0 0 0
>> > remotex11 3438 0 0 0 0 0 0 0
>> 
>> > man pf.conf is your friend, please consult there before letting
>> > resentment stew for years next time, huh?
>> 
>> maybe i'm so dumb and blind to see pflow here.. and maybe deal not in
>> me. where is pflow?

> pflow can't export data for blocked packets.
> It also does not send statistics.

i understand- no kosher ways. i'm asking for illegal ways. many years
ago there was no way either, but i found a way out. i don't think you
are dumber than me
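
The label-based accounting for block rules shown in the quoted reply, as an added example that is not part of the thread: a shell function that diffs two saved `pfctl -vsl` snapshots and reports packets and bytes dropped per label in the interval. The `curr` and `reload` snapshots are constructed, the column order is taken from pfctl(8)'s description of `-s labels`, and labels are assumed to contain no spaces.

```shell
#!/bin/sh
# Columns of `pfctl -vsl` per pfctl(8): label, evaluations, packets, bytes,
# packets in, bytes in, packets out, bytes out, state creations.

# label_delta PREV CURR: print "label packets bytes" for every label whose
# packet counter grew between the two snapshot files.
label_delta() {
    awk '
        # Skip shell prompts, blank lines and anything that is not a counter row.
        NF != 9 || $3 !~ /^[0-9]+$/ { next }
        FILENAME == ARGV[1] { pkts[$1] = $3; bytes[$1] = $4; next }
        {
            dp = $3 - pkts[$1]; db = $4 - bytes[$1]
            # Counters go backwards after pfctl -z or a ruleset reload;
            # in that case the current value is the whole delta.
            if (dp < 0 || db < 0) { dp = $3; db = $4 }
            if (dp > 0) printf "%s %d %d\n", $1, dp, db
        }
    ' "$1" "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # prev repeats counters quoted in the thread; curr and reload are constructed.
    printf '%s\n' 'blockgen 3739 452 19856 448 19664 4 192 0' \
        'abusives 3739 301 14681 301 14681 0 0 0' \
        'remotex11 3438 0 0 0 0 0 0 0' > "$tmp/prev"
    printf '%s\n' 'blockgen 4100 470 20720 466 20528 4 192 0' \
        'abusives 4100 301 14681 301 14681 0 0 0' \
        'remotex11 3790 2 120 2 120 0 0 0' > "$tmp/curr"
    printf '%s\n' 'blockgen 95 7 308 7 308 0 0 0' \
        'abusives 95 0 0 0 0 0 0 0' \
        'remotex11 95 0 0 0 0 0 0 0' > "$tmp/reload"
    echo "interval 1:"; label_delta "$tmp/prev" "$tmp/curr"
    echo "after reload:"; label_delta "$tmp/curr" "$tmp/reload"
    rm -rf "$tmp"
}

demo
```

On a live gateway the snapshots would come from running `pfctl -vsl` at a fixed interval and saving each run to a file.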
