Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    BPF filters with pfflowd

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dark0rbit
      last edited by

      I use pfflowd for netflows capturing and it works great. The only problem is that I also use a transparent squid proxy so netflows reports both incoming and outgoing traffic from between the squid proxy and the local host and between the remote host and the squid proxy. Basically it looks like all reported HTTP traffic is doubled and makes it hard to track which host is causing which traffic. I know that this is accurate reporting but I would prefer it filter out the traffic to and from the proxy.

      I read in the pfflowd man page that you can put in a BPF filter at the end of the command to filter out unwanted traffic like this. Unfortunately when I do, it spits this out:

      pcap_compile("ip and not host localhost and xxx.xxx.xxx.xxx(outside IP)"): PFSYNC link-layer type filtering not implemented

      I'm not sure that is perfectly correct or anything but I do believe the filter is valid. Any ideas?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.