Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [feature request] will hit count be present in pfsense 2.3 ?

    Scheduled Pinned Locked Moved 2.3-RC Snapshot Feedback and Issues - ARCHIVED
    9 Posts 5 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      whitexp
      last edited by

      hi , hit count patch by marcelloc be present in pfsense 2.3 ?

      thanks ?

      1 Reply Last reply Reply Quote 0
      • W
        whitexp
        last edited by

        up  ?

        1 Reply Last reply Reply Quote 0
        • B
          brandur
          last edited by

          @whitexp:

          hi , hit count patch by marcelloc be present in pfsense 2.3 ?

          thanks ?

          Unfortunately it didn't make it.
          https://forum.pfsense.org/index.php?topic=97925.msg584705#msg584705

          Hopefully it will be corrected against master and made available as a system patch in the meanwhile.

          SG-4860 w/128GB SSD & 8GB RAM

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            After a new function added to pfsene 2.3, I've updated the code to today's beta version.

            I think it's close to get merged.

            hit_count_23.PNG
            hit_count_23.PNG_thumb
            hit_count_23_02.PNG
            hit_count_23_02.PNG_thumb

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • A
              athurdent
              last edited by

              Yeah :)

              https://github.com/pfsense/pfsense/commit/cc2cff0b9be33eaea6c947f1fffc746895fd24fe

              1 Reply Last reply Reply Quote 0
              • A
                athurdent
                last edited by

                Sadly, some of my rules get their counters reset when a Filter Reload takes place. I believe it's related to using Port Aliases. Here's a rule with Port Aliases before and after a Filter Reload:

                Before:

                
                [2.3-BETA][root@pfsense]/root: pfctl -vvsr | grep -A32 "@175"
                @175(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ftp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1087      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 20721 State Creations: 0     ]
                @176(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nicname flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1087      Packets: 10        Bytes: 2981        States: 1     ]
                  [ Inserted: pid 20721 State Creations: 1     ]
                @177(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = http flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 20721 State Creations: 0     ]
                @178(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ntp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 20721 State Creations: 0     ]
                @179(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = https flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 20721 State Creations: 0     ]
                @180(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = rtsp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 20721 State Creations: 0     ]
                @181(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nntps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 20721 State Creations: 0     ]
                @182(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = imaps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 20721 State Creations: 0     ]
                @183(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port 1023:65535 flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1086      Packets: 40        Bytes: 2324        States: 4     ]
                  [ Inserted: pid 20721 State Creations: 4     ]
                @184(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = pop3s flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1082      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 20721 State Creations: 0     ]
                @185(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = daytime flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1082      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 20721 State Creations: 0     ]
                
                

                and after:

                
                  [2.3-BETA][root@pfsense]/root: pfctl -vvsr | grep -A32 "@175"
                @175(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ftp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                @176(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nicname flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                @177(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = http flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                @178(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ntp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                @179(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = https flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                @180(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = rtsp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                @181(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nntps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                @182(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = imaps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                @183(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port 1023:65535 flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1093      Packets: 10        Bytes: 582         States: 1     ]
                  [ Inserted: pid 73316 State Creations: 1     ]
                @184(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = pop3s flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1092      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                @185(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = daytime flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
                  [ Evaluations: 1092      Packets: 0         Bytes: 0           States: 0     ]
                  [ Inserted: pid 73316 State Creations: 0     ]
                
                
                1 Reply Last reply Reply Quote 0
                • A
                  athurdent
                  last edited by

                  Another problem:

                  One seems to have to edit & save rules that are auto-created as associated Firewall rules for NAT rules.
                  If they are not edited once, with pfctl -vvsr they look like:

                  @100(0) 
                  

                  and it seems the 0 is some kind of rule ID. Because all auto-created rules with 0 show the same data.
                  Editing the rule once makes it show up like this:

                  @100(1454050846)
                  

                  Afterwards data seems to be accurate.

                  1 Reply Last reply Reply Quote 0
                  • C
                    cmb
                    last edited by

                    @athurdent:

                    Another problem:

                    One seems to have to edit & save rules that are auto-created as associated Firewall rules for NAT rules.
                    If they are not edited once, with pfctl -vvsr they look like:

                    @100(0) 
                    

                    Associated firewall rules were missing the tracker ID. I just fixed that. For existing rules, either edit and save, or once you go through an upgrade that includes the config revision 14.1 upgrade, it'll add any missing tracker tags.

                    1 Reply Last reply Reply Quote 0
                    • A
                      athurdent
                      last edited by

                      Great, thanks! That was quick :)
                      GitSynced, gave it a quick test and it worked like a charm.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.