On 03/28/18 22:03, 3 wrote:
> maybe I'm so dumb and blind to see pflow here.. and maybe deal not in
> me. where is pflow?

pflow gets the data it exports from the state table. Blocked connections
do not create state table entries. This means that pflow does not have
the information you're looking for.

You can still get detailed information about blocked connection attempts,
in the aggregate via labels as I showed you, or from pflog. You could even
have your block rules logged to a separate pflog interface.

Others have already pointed you at other alternatives. Obsessing about pflow
unfortunately isn't going to get you anywhere. Exploring the other options
might.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
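
The approach described in the reply above, as a pf.conf fragment: block rules logged to their own pflog interface and counted under labels, next to pass rules whose states pflow can export. This is an added example, not part of the original message; the interface name em0, the use of pflog1, the label names and the ssh pass rule are assumptions.

```pf
# Added example, not from the original thread.
# Assumed names: em0 (external interface), pflog1, the two labels.
ext_if = "em0"

set skip on lo

# Blocked packets never create a state table entry, so pflow has
# nothing to export for them. Log them to a dedicated pflog interface
# and attach a label so pf keeps aggregate counters per rule.
block drop in  log (to pflog1) on $ext_if label "blocked-in"
block drop out log (to pflog1) on $ext_if label "blocked-out"

# Passed connections do create state; the pflow state option marks
# those states for export through a configured pflow(4) interface.
pass out on $ext_if keep state (pflow)
pass in  on $ext_if proto tcp to port ssh keep state (pflow)

# Commands to run after loading the ruleset (shown here as comments):
#   ifconfig pflog1 create          create the extra log interface
#   tcpdump -n -e -ttt -i pflog1    watch blocked packets as they arrive
#   pfctl -s labels                 aggregate counters per label
```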