Firewall Rules hit counter - $150
-
cmb, is there a recommend page that has all awesome CLI commands?
pfctl man page is where I'd look. Not sure what you'd consider "awesome", our status.php page (no menu link) has probably all the most useful ones.
-
FreeBSD 8.3 Man Page
pfctl – control the packet filter (PF) and network address translation (NAT) device
http://www.freebsd.org/cgi/man.cgi?query=pfctl&apropos=0&sektion=8&manpath=FreeBSD+8.3-RELEASE&arch=default&format=html -
@cmb:
our status.php page (no menu link) has probably all the most useful ones.
How has this mine of info bypassed my radar until now? ::)
Awesome!Steve
-
status.php
Is there no link to this on the gui? I just looked and couldn't find it - but yeah looks pretty sweet when you go directly to that.
-
There is no link and that's done on purpose. It's rarely needed except for diagnostics and reporting to support. It's best left "hidden" so to speak.
-
That is great to share co-worker who thinks that networking is too easy to handle..
-
Okay, that status.php page is AMAZING!
However, I think I am noticing that the "evaluations" in "pfctl -vvsr" is counting every time that rule is evaluated by a connection. That's great, but I am looking for a counter when a rule matches a connection and either allows or denies a connection, "hit". Evaluations is kind of useless for troubleshooting or identifying dead rules, or even sorting them for efficiency.
The states, bytes and packets is awesome though.
-
I used to have some code that would do a traffic graph based on a rule, I could dig that up and see if I could make it work on pfsense if you'd be interested, basically a bandwidth graph on a per rule basis.
-
@cmb:
our status.php page (no menu link) has probably all the most useful ones.
Nice.
A minor issue I noticed is that the section showing the results of ipfw show now produces an error, apparently since the addition of the pfSense-specific -x context parameter.
-
Have you taken a look under Diagnostics –> pfTop --> Rules?
The PKTS, BYTES, STATE, & INFO colums should give you what your looking for.
-
Agreed, coming from the Cisco world having a hit counter is very helpful in trouble shooting and I would be willing to add $50 to have this feature implemented in the next version of PfSense. It would also be nice not to have it all in the same location like when you look at your rules you see how many times there was a match on that rule.
-
Hi, if someone is still interested on this, follow this topic
https://forum.pfsense.org/index.php?topic=97925.msg545345#msg545345
-
What about taking this, and spitting it out to an LCD ;)
