|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
Internal Interface Stats of PF
Hi,
I'm using OpenBSD 5.3 . I wan't to get the stats of the top talkers in my LAN using the internal interface of my PF. Is there any command for that? currently I used pfctl -s info to get the information of the external interface. It show in and out traffic as a total value. Thanks |
|
|||
You can get statistics for each rule if you use labels. Two examples:
Code:
# --- allow outgoing UDP pass out quick on egress inet proto udp from any to any port domain label "$nr:$proto:DOMAIN" pass out quick on egress inet proto udp from any to any port ntp label "$nr:$proto:NTP" Code:
Quote:
Code:
pass in quick on internal inet proto tcp from 10.0.0.1 label "$nr:$proto:John" pass in quick on internal inet proto tcp from 10.0.0.2 to any flags S/SA label "1:tcp:Mary" pass in quick on internal inet proto tcp from 10.0.0.3 to any flags S/SA label "2:tcp:10.0.0.3"
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
||||
Hello, and welcome!
Everyone has their preferences. I'm partial to collecting Netflow statistics, which on OpenBSD are managed via pflow(4). I use net/nfsen as my monitoring tool, combining Netflow statistics from multiple routers. NFSen can be used with a single router, too. Here are some screenshots from NfSen's website. FYI: support for OpenBSD 5.3 ended on May 1, 2014. Only the two most recent releases are supported, which are 5.7 and 5.8. Support for 5.7 will end on or about May 1, 2016, with the release of 5.9. Last edited by jggimi; 14th December 2015 at 11:38 AM. Reason: added screenshot link |
|
|||
Hi Both,
Many thanks for your valuable information. Thanks Amitha |
|
||||
Quote:
Parenting just isn't what it used to be =)
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice. |
|
||||
Quote:
I am doing the same to my Irish twins (girls) |
|
|||
Hi,
Could I know the following code for PF in detail please? Quote:
Thanks |
|
||||
Neither of these two rules cause any disk I/O. They add 90 bytes to your pf.conf file's length.
The first rule creates a table in memory, containing one IP address. The second rule passes traffic destined for the single IP address, and adds a PF label to the rule. This label is only usable with pfctl(8) status reporting of in-kernel packet statstics, unrelated to process accounting records you might record in /var/accounts. Last edited by jggimi; 27th January 2016 at 11:01 AM. |
|
|||
Thanks a lot Jggimi.
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Changing Which Interface Is Assigned To Network Interface (physical) Port | EverydayDiesel | OpenBSD General | 2 | 18th July 2014 10:25 AM |
Oracle tucks R stats language into database | J65nko | News | 0 | 10th February 2012 11:19 PM |
How do I troubleshoot an internal interface | BinarySpike | OpenBSD General | 3 | 1st September 2011 04:11 AM |
Redirect Internal Network to Internal Website | plexter | OpenBSD Security | 12 | 12th February 2009 08:00 PM |
2 external NIC + 1 internal NIC | AlexV | FreeBSD General | 7 | 4th June 2008 08:18 AM |