[Feature request] Will hit count be present in pfSense 2.3?
-
Hi, will the hit count patch by marcelloc be present in pfSense 2.3?
Thanks.
-
Up?
-
Hi, will the hit count patch by marcelloc be present in pfSense 2.3?
Thanks.
Unfortunately it didn't make it.
https://forum.pfsense.org/index.php?topic=97925.msg584705#msg584705
Hopefully it will be corrected against master and made available as a system patch in the meantime.
-
After a new function was added to pfSense 2.3, I've updated the code to today's beta version.
I think it's close to getting merged.
-
Yeah :)
https://github.com/pfsense/pfsense/commit/cc2cff0b9be33eaea6c947f1fffc746895fd24fe
-
Sadly, some of my rules get their counters reset when a Filter Reload takes place. I believe it's related to using Port Aliases. Here's a rule with Port Aliases before and after a Filter Reload:
Before:
[2.3-BETA][root@pfsense]/root: pfctl -vvsr | grep -A32 "@175"
@175(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ftp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1087 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 20721 State Creations: 0 ]
@176(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nicname flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1087 Packets: 10 Bytes: 2981 States: 1 ]
  [ Inserted: pid 20721 State Creations: 1 ]
@177(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = http flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 20721 State Creations: 0 ]
@178(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ntp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 20721 State Creations: 0 ]
@179(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = https flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 20721 State Creations: 0 ]
@180(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = rtsp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 20721 State Creations: 0 ]
@181(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nntps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 20721 State Creations: 0 ]
@182(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = imaps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 20721 State Creations: 0 ]
@183(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port 1023:65535 flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086 Packets: 40 Bytes: 2324 States: 4 ]
  [ Inserted: pid 20721 State Creations: 4 ]
@184(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = pop3s flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1082 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 20721 State Creations: 0 ]
@185(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = daytime flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1082 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 20721 State Creations: 0 ]
and after:
[2.3-BETA][root@pfsense]/root: pfctl -vvsr | grep -A32 "@175"
@175(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ftp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
@176(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nicname flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
@177(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = http flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
@178(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ntp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
@179(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = https flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
@180(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = rtsp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
@181(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nntps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
@182(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = imaps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
@183(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port 1023:65535 flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093 Packets: 10 Bytes: 582 States: 1 ]
  [ Inserted: pid 73316 State Creations: 1 ]
@184(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = pop3s flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1092 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
@185(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = daytime flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1092 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]
-
Another problem:
One seems to have to edit & save rules that are auto-created as associated Firewall rules for NAT rules.
If they are not edited once, with pfctl -vvsr they look like: @100(0)
and it seems the 0 is some kind of rule ID. Because all auto-created rules with 0 show the same data.
Editing the rule once makes it show up like this: @100(1454050846)
Afterwards data seems to be accurate.
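
Added example, not part of any post in this thread and not pfSense code: a small Python checker for the two symptoms reported above, counters that go backwards across a Filter Reload and rules printed as @N(0). It assumes two saved captures of `pfctl -vvsr` output; the function names and the sample text are constructed for illustration.

```python
import re

RULE_RE = re.compile(r'^@(\d+)\((\d+)\)\s+(.*)$')  # "@<rule number>(<tracker ID>) <rule text>"
# Counter names on the bracketed lines; "pid 20721" is captured through the optional colon.
COUNTER_RE = re.compile(r'(Evaluations|Packets|Bytes|States|State Creations|pid):?\s*(\d+)')

def parse_rules(text):
    """Parse `pfctl -vvsr` output into {rule_number: {tracker, rule, counters, pid}}."""
    rules, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = RULE_RE.match(line)
        if header:
            current = {'tracker': int(header.group(2)), 'rule': header.group(3)}
            rules[int(header.group(1))] = current
        elif current is not None and line.startswith('['):
            current.update((name, int(value)) for name, value in COUNTER_RE.findall(line))
    return rules

def find_resets(before, after):
    """Rules in both snapshots whose Packets, Bytes or State Creations went backwards."""
    old = {(r['tracker'], r['rule']): r for r in parse_rules(before).values()}
    resets = []
    for number, new in sorted(parse_rules(after).items()):
        prev = old.get((new['tracker'], new['rule']))  # match on tracker ID plus rule text
        if prev and any(new.get(c, 0) < prev.get(c, 0)
                        for c in ('Packets', 'Bytes', 'State Creations')):
            resets.append((number, prev.get('Packets', 0), new.get('Packets', 0),
                           prev.get('pid') != new.get('pid')))  # True: ruleset was reloaded
    return resets

def missing_tracker(text):
    """Rule numbers printed as @N(0), i.e. rules without a tracker ID."""
    return sorted(n for n, r in parse_rules(text).items() if r['tracker'] == 0)

# Constructed samples: @176 counters come from the posted output, the rest is invented.
BEFORE = '''@100(0) pass in quick on igb0 inet proto tcp from any to any port = 8080
  [ Evaluations: 50 Packets: 7 Bytes: 420 States: 1 ]
  [ Inserted: pid 20721 State Creations: 1 ]
@176(1416374367) pass in quick on igb0 inet proto tcp from any to any port = nicname
  [ Evaluations: 1087 Packets: 10 Bytes: 2981 States: 1 ]
  [ Inserted: pid 20721 State Creations: 1 ]'''
AFTER = '''@100(0) pass in quick on igb0 inet proto tcp from any to any port = 8080
  [ Evaluations: 55 Packets: 9 Bytes: 540 States: 1 ]
  [ Inserted: pid 73316 State Creations: 1 ]
@176(1416374367) pass in quick on igb0 inet proto tcp from any to any port = nicname
  [ Evaluations: 1093 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 73316 State Creations: 0 ]'''
print(find_resets(BEFORE, AFTER), missing_tracker(BEFORE))
```

Each tuple from `find_resets` is (rule number, packets before, packets after, whether the inserting pid changed).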
-
Another problem:
One seems to have to edit & save rules that are auto-created as associated Firewall rules for NAT rules.
If they are not edited once, with pfctl -vvsr they look like: @100(0)
Associated firewall rules were missing the tracker ID. I just fixed that. For existing rules, either edit and save, or once you go through an upgrade that includes the config revision 14.1 upgrade, it'll add any missing tracker tags.
-
Great, thanks! That was quick :)
GitSynced, gave it a quick test and it worked like a charm.