On Wed, Mar 08, 2006 at 02:58:19AM -0800, Tihomir Koychev wrote:
> --- Sven Ingebrigt Ulland <[EMAIL PROTECTED]> wrote:
> > Keywords: openbsd 3.8, pf, accounting, per-protocol, per-ip, bridging
> >
> > What I want to do is:
> > - Accurately account for packets and bytes per client in and out
> >   between the local and internet zone, i.e. don't do accounting when
> >   SSH-ing from host Sven to the OpenBSD bridge for maintenance, etc.
> >
> > - Preferably account for each protocol (TCP, UDP, ICMP) per client.
> >   This is not a must, however.
> >
> > - Keep the firewalling capabilities intact.
>
> These problems are frequently asked. There is a simple solution, which is
> not in PF itself. Use PF to do what it does best, to block and pass what
> you want.

Ah, great. It's relieving to see it is partially decoupled from the
firewall, it spares me a horrible headache :^)

> Visit http://www.mindrot.org/projects.html
> Projects pfflowd, flowd, softflowd are what you are looking for. Capture traffic
> with pfflowd or softflowd and send it to flowd, which filters and stores
> data. Use scripts in the flowd project and store information in an mSQL
> database. Once you have everything in SQL you are done.
> I use this with cacti.

Apparently I have some reading to do. pfsync0 doesn't seem to report
state changes as expected (I see only a fraction of the total traffic),
and I don't understand how the SysUptime stamps are used in the pfflowd
netflow packets. But I'll figure it out somehow.

Thanks for the answer, Tihomir.

sven
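
Added example, not part of the original thread and not code from pfflowd or flowd: a sketch of the collector side of the pipeline described above, assuming the exporter sends NetFlow v5. It converts each flow's First/Last SysUptime stamps to wall-clock time and sums packets and bytes per client, protocol and direction; the function names, the 10.0.0.0/24 local network and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

HDR = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte NetFlow v5 flow record
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_v5(datagram):
    """Return flows with First/Last (SysUptime ms) converted to Unix time."""
    version, count, uptime, secs, nsecs = HDR.unpack_from(datagram)[:5]
    if version != 5 or len(datagram) < HDR.size + count * REC.size:
        raise ValueError("not a complete NetFlow v5 datagram")
    exported = secs + nsecs / 1e9   # wall clock at which SysUptime == uptime
    # Age of a stamp at export time; the mask handles 32-bit uptime wraparound.
    age = lambda stamp: ((uptime - stamp) & 0xFFFFFFFF) / 1000.0
    flows = []
    for i in range(count):
        r = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append({
            "src": ipaddress.ip_address(r[0]), "dst": ipaddress.ip_address(r[1]),
            "packets": r[5], "bytes": r[6],
            "start": exported - age(r[7]), "end": exported - age(r[8]),
            "proto": PROTO.get(r[12], str(r[12])),
        })
    return flows

def account(flows, local_net):
    """Sum [packets, bytes] per (client, protocol, direction)."""
    net = ipaddress.ip_network(local_net)
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        src_local, dst_local = f["src"] in net, f["dst"] in net
        if src_local == dst_local:
            continue   # not local<->internet, e.g. SSH from a client to the bridge
        client, direction = (f["src"], "out") if src_local else (f["dst"], "in")
        t = totals[(str(client), f["proto"], direction)]
        t[0] += f["packets"]
        t[1] += f["bytes"]
    return dict(totals)

def sample_datagram():
    """Constructed input: exporter up 600 s, exported at Unix time 1141815600."""
    ip = lambda s: ipaddress.ip_address(s).packed
    rec = lambda s, d, pk, by, first, last, proto: REC.pack(
        ip(s), ip(d), ip("0.0.0.0"), 0, 0, pk, by, first, last, 0, 0, 0, proto, 0, 0, 0, 0, 0)
    return (HDR.pack(5, 3, 600_000, 1141815600, 0, 0, 0, 0, 0)
            + rec("10.0.0.5", "192.0.2.9", 10, 1200, 590_000, 599_000, 6)
            + rec("192.0.2.9", "10.0.0.5", 8, 9000, 590_500, 599_000, 6)
            + rec("10.0.0.5", "10.0.0.1", 40, 4000, 500_000, 580_000, 6))
```

Calling `account(parse_v5(sample_datagram()), "10.0.0.0/24")` counts the first two flows for client 10.0.0.5 and skips the third, which stays inside the local network.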
