pfBlockerNG Count and Packets Query - Seems like little being captured
-
I am not sure why Spamhaus is disabled,
Because the list format changed and the list is likely not downloading for you. Should be fixed in pf _17 (but _18 should be just around the corner too, so don't worry about it for a few days)
-
@jrey I have _17 installed so will see what _18 brings, its not an issue right now and actually didnt notice until I looked so that says something.
I did notice after I got rid of the v6 and other feeds mentioned earlier that packet counts for PFB went through the roof. I am thinking I may get rid of the others with a low count and no packets recorded as well.
Memory usage went down by 2% (14%) is this the low resource utilization that is mentioned? Want to see what is expected vs what is too much.
I am going to save my config and setup regex and see what happens.
-
@LPD7 said in pfBlockerNG Count and Packets Query - Seems like little being captured:
packet counts for PFB went through the roof.
Did you reset them ?
-
@jrey Yes I either do a reload or cron after changing settings. Is this what you were referring to?
Regex only has a 14 "count" is that right? I am still trying to get used to this, from what I understand the count is the number of targeted ip's and domains and the count is the number of packets that fell into that target range. Based on this understanding I feel like those with low count are probably not worth the resources or reduced performance incurred.
-
14 is correct for regex. - it uses the patterns in the list -- not specific names.
sorry, you had said the packet counts went through the roof -- so the question have you reset them (the counters) relates to that .
if you click the wrench icon at the top right of the pfBlockerNG dashboard widget the "settings" will display at the end of the list. Personally I use weekly and the counters get set to 0 then.
(Never IMHO is a poor choice, because although it can make some impressive (large) numbers, it is harder to visually pick up a trend of what works vs what doesn't.
The options there are Never, Daily and Weekly.I don't know your use case, but with the traffic here, and who is using, and after just observation over time, I can tell you what the approximate numbers should be for any day of the week. the Never option obscures that at least for me.
-
@jrey Great suggestion, I just set them to weekly. I am going to keep an eye on it for a week and see how it goes and see where I go from there. Thanks for your help.
My wife has me on a crusade. I am trying to see if there is a way to force devices that have cell data but get an IP from PFS DHCP to go through the FW and not the cellular so we can control access. The kids dont always adhere to the rules and I am looking to block their IPs from accessing the internet but still be locally connected/controlled and not able to bypass this by using cellular data. In my mind what I see is once they get an IP from PFS DHCP that setting is primary and overrides any cellular settings. Not sure if that or something similar is possible, I vaguely recall something like this but not certain.
-
@LPD7 said in pfBlockerNG Count and Packets Query - Seems like little being captured:
trying to see if there is a way to force devices that have cell data but get an IP from PFS DHCP to go through the FW and not the cellular so we can control access.
short answer is "yes" there is a way.
When the device is connected locally (wifi) easy part.
When the device is connected by Cell, VPN (settings so the traffic goes through the VPN/Firewall)All our mobile devices switch seamlessly between wifi and VPN (when on Cell) all DNS and access is controlled through the NetGate.
You likely want to ask those questions when they come up, in new posts in the appropriate forum areas.
. -
@jrey Its good to know there is a way. I will tackle that after I take a breather. Have a good your week.
-
@jrey I just noticed cpu usage is up to 20+% which is about double from a day before. When I go into system activity I see the cpu as idle which is confusing as I would think an idle state would see lower cpu%. Am I not looking at this correctly?
-
That is read as percentage at idle. your first core is at idle 96.68 % And only working .32%
-
@Uglybrian Appreciate that feedback. Why would cpu usage be at 23% if at idle thats where I am getting confused. Cpu usage has for the most part been half this number or lower and system activity is not showing it working on anything to justify the 23%. I may be looking at this wrong but to my mind cpu usage would be a representation of how much the cpu is being put to work on a task/function. I am assuming idle is the correct state given the command column contents and everything else in the system activity is or was at 0.00%.