Thanks for the info in response to my last question - not tried it yet but I think I see what needs to be done.
Anyway, next question: I'm after statistics from the firewall so that I can use rrdtool to store and graph counters such as numbers of entries in the state table and blocked packets. I've looked through the pf(4) manpage and the header files and have written some code to display values returned from the DIOCGETSTATUS ioctl. Number of states I can find, but I can't find anything which might correspond to numbers of packets passed or blocked - pf_status.pcounters and bcounters seemed the obvious place to look, but they only seem to contain 0. Is this info available anywhere? pfctl doesn't seem to show those values, so perhaps pf doesn't track them?

Is there any better API reference than the pf manpage? It mentions all the ioctls but doesn't really say what data is held in the structures.

Thanks in advance.

Steve.
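
Not part of Steve's message: an added shell example that pulls the per-interface passed/blocked packet counters out of `pfctl -s info` text and prints them as an `rrdtool update` argument, failing loudly when the Interface Stats block is absent. It assumes the OpenBSD-style pfctl layout shown in the constructed sample; that block, and the pf_status.pcounters/bcounters fields behind it, are only maintained once pf.conf contains `set loginterface <ifname>`, which is the usual reason those counters read 0.

```shell
# pf_counters <file>: read saved `pfctl -s info` text from <file> and print
# "N:passed_in:blocked_in:passed_out:blocked_out" (IPv4 column), ready for
# `rrdtool update`.  Fails if the Interface Stats block is missing, which is
# what you get when pf.conf has no "set loginterface <ifname>" line.
pf_counters() {
    awk '
        /^Interface Stats for/ { seen = 1; next }
        seen && /^  Packets In/  { dir = "in";  next }
        seen && /^  Packets Out/ { dir = "out"; next }
        seen && dir != "" && /^    Passed/  { p[dir] = $2 }
        seen && dir != "" && /^    Blocked/ { b[dir] = $2 }
        /^State Table/ { seen = 0; dir = "" }
        END {
            if (!("in" in p) || !("out" in p)) {
                print "no Interface Stats block; is \"set loginterface\" configured?" > "/dev/stderr"
                exit 1
            }
            printf "N:%s:%s:%s:%s\n", p["in"], b["in"], p["out"], b["out"]
        }' "$1"
}

# write_sample <file>: constructed pfctl -s info output (OpenBSD layout with
# "set loginterface em0"); the column layout is an assumption for this example.
write_sample() {
    cat > "$1" <<'EOF'
Status: Enabled for 0 days 00:12:34           Debug: err

Interface Stats for em0              IPv4             IPv6
  Bytes In                           12345               0
  Bytes Out                          23456               0
  Packets In
    Passed                             100               0
    Blocked                              5               0
  Packets Out
    Passed                              90               0
    Blocked                              0               0

State Table                          Total             Rate
  current entries                       12
EOF
}

# Live use would be: pfctl -s info > "$snap" && rrdtool update pf.rrd "$(pf_counters "$snap")"
snap=$(mktemp)
write_sample "$snap"
pf_counters "$snap"      # prints N:100:5:90:0
rm -f "$snap"
```

The rrd itself needs four COUNTER data sources in that order; a fifth for the state-table size can be fed from the `current entries` line the same way.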
