5. [feature request] will hit count be present in pfsense 2.3 ?

[feature request] will hit count be present in pfsense 2.3 ?

  • W

    hi , hit count patch by marcelloc be present in pfsense 2.3 ?

    thanks ?

    0
  • W

    up  ?

    0
  • B

    @whitexp:

    hi , hit count patch by marcelloc be present in pfsense 2.3 ?

    thanks ?

    Unfortunately it didn't make it.
    https://forum.pfsense.org/index.php?topic=97925.msg584705#msg584705

    Hopefully it will be corrected against master and made available as a system patch in the meanwhile.

    0

  • After a new function added to pfsene 2.3, I've updated the code to today's beta version.

    I think it's close to get merged.




    0
  • A

    Yeah :)

    https://github.com/pfsense/pfsense/commit/cc2cff0b9be33eaea6c947f1fffc746895fd24fe

    0
  • A

    Sadly, some of my rules get their counters reset when a Filter Reload takes place. I believe it's related to using Port Aliases. Here's a rule with Port Aliases before and after a Filter Reload:

    Before:

    
[2.3-BETA][root@pfsense]/root: pfctl -vvsr | grep -A32 "@175"
@175(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ftp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1087      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 20721 State Creations: 0     ]
@176(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nicname flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1087      Packets: 10        Bytes: 2981        States: 1     ]
  [ Inserted: pid 20721 State Creations: 1     ]
@177(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = http flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 20721 State Creations: 0     ]
@178(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ntp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 20721 State Creations: 0     ]
@179(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = https flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 20721 State Creations: 0     ]
@180(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = rtsp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 20721 State Creations: 0     ]
@181(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nntps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 20721 State Creations: 0     ]
@182(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = imaps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 20721 State Creations: 0     ]
@183(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port 1023:65535 flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1086      Packets: 40        Bytes: 2324        States: 4     ]
  [ Inserted: pid 20721 State Creations: 4     ]
@184(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = pop3s flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1082      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 20721 State Creations: 0     ]
@185(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = daytime flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1082      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 20721 State Creations: 0     ]

    and after:

    
  [2.3-BETA][root@pfsense]/root: pfctl -vvsr | grep -A32 "@175"
@175(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ftp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
@176(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nicname flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
@177(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = http flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
@178(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = ntp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
@179(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = https flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
@180(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = rtsp flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
@181(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = nntps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
@182(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = imaps flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
@183(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port 1023:65535 flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1093      Packets: 10        Bytes: 582         States: 1     ]
  [ Inserted: pid 73316 State Creations: 1     ]
@184(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = pop3s flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1092      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
@185(1416374367) pass in quick on igb0 route-to (igb1 *.*.*.1) inet proto tcp from *.*.*.0/24 to any port = daytime flags S/SA keep state label "USER_RULE: Allow Ports TCP IPv4"
  [ Evaluations: 1092      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 73316 State Creations: 0     ]
    0
  • A

    Another problem:

    One seems to have to edit & save rules that are auto-created as associated Firewall rules for NAT rules.
    If they are not edited once, with pfctl -vvsr they look like:

    @100(0)

    and it seems the 0 is some kind of rule ID. Because all auto-created rules with 0 show the same data.
    Editing the rule once makes it show up like this:

    @100(1454050846)

    Afterwards data seems to be accurate.

    0
  • C

    @athurdent:

    Another problem:

    One seems to have to edit & save rules that are auto-created as associated Firewall rules for NAT rules.
    If they are not edited once, with pfctl -vvsr they look like:

    @100(0)

    Associated firewall rules were missing the tracker ID. I just fixed that. For existing rules, either edit and save, or once you go through an upgrade that includes the config revision 14.1 upgrade, it'll add any missing tracker tags.

    0
  • A

    Great, thanks! That was quick :)
    GitSynced, gave it a quick test and it worked like a charm.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy