OpenBSD 3.8 here.
I'm keeping accounting stats on one subnet (my wireless users). Each
user (about a dozen in all) has a static IP address and there's a
separate, labeled "counting" rule for each one:
pass in quick on $wls_if inet from 192.168.0.123 to ! <wls_forbidden_nets> flags S/SA keep state label "wireless .123"
All of these rules are in their own separate anchor, "wlsacct". So far
so good.
Each night I've got a cron job that grabs these stats and dumps them to
a log file for later parsing and totalling:
/sbin/pfctl -s labels -a wlsacct >> /var/log/wireless_stats
Also good. However, after I do the nightly dump, I'm stumped at how to
zero the counters/statistics so we start from scratch. "-z" doesn't do
it, nor does "-F info". The best I can come up with is to entirely
delete the anchor and start over:
pfctl -a wlsacct -F rules
pfctl -a wlsacct -f pf.conf.wlsacct_anchor
Is there an easier way to zero the rule/label counters?
thanks much, oh pf demigods,
--jon--
ps: alternatively...is there any better way to start from scratch to go
about doing what I'm really trying to accomplish, which is to collect
wireless network traffic stats on a per-IP-address basis? For one, I suspect
I could get rid of the labels entirely and just use the normal
per-rule statistics output from pfctl -v instead...but if so, what's
the whole purpose behind labels at all? Just as an optimization
barrier, or...?
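
An added example, not part of the original post: one way to total the appended nightly dumps per label whether or not the counters were zeroed between dumps, by summing deltas and treating a drop in a counter as a restart. It assumes each dumped line is the label followed by three numeric columns (evaluations, packets, bytes); the sample log and the function names are constructed for illustration.

```python
from collections import defaultdict

# Assumed layout of each dumped line: label, evaluations, packets, bytes.
NUMERIC_COLS = 3

# Constructed sample: three nightly dumps appended to one file. Counters keep
# growing between nights 1 and 2, then restart before night 3 (anchor reloaded).
SAMPLE_LOG = """\
wireless .123 1500 900 450000
wireless .124 1500 100 20000
wireless .123 3100 2000 1000000
wireless .124 3100 100 20000
wireless .123 200 50 8000
wireless .124 200 10 1000
"""

def parse_line(line):
    """Return (label, packets, bytes), or None for a line that does not fit."""
    # Labels such as "wireless .123" contain spaces, so split from the right.
    parts = line.strip().rsplit(None, NUMERIC_COLS)
    if len(parts) != NUMERIC_COLS + 1:
        return None
    try:
        _evals, packets, nbytes = (int(n) for n in parts[1:])
    except ValueError:
        return None
    return parts[0], packets, nbytes

def total_traffic(log_text):
    """Sum per-label traffic across dumps, tolerating counter restarts."""
    last = {}                            # label -> (packets, bytes) last seen
    totals = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        label, packets, nbytes = rec
        prev_p, prev_b = last.get(label, (0, 0))
        # A counter that went down means the rules were reloaded since the
        # previous dump; count the new value from zero. A restart that climbs
        # back past the old value before the next dump cannot be detected.
        if packets < prev_p or nbytes < prev_b:
            prev_p, prev_b = 0, 0
        totals[label][0] += packets - prev_p
        totals[label][1] += nbytes - prev_b
        last[label] = (packets, nbytes)
    return {label: tuple(v) for label, v in totals.items()}

if __name__ == "__main__":
    for label, (pkts, nbytes) in sorted(total_traffic(SAMPLE_LOG).items()):
        print(f"{label}: {pkts} packets, {nbytes} bytes")
```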