PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
label creates counters for statistics
pass log proto { tcp, udp } to $emailserver port smtp \ label "mail-in" pass log proto { tcp, udp } from $emailserver to port smtp \ label "mail-out"
shows up with pfctl -vs rules, human readable:
$ pfctl -vs rules pass inet proto tcp from any to 192.0.2.225 port = smtp flags S/SA keep state label "mail-in" [ Evaluations: 1664158 Packets: 1601986 Bytes: 763762591 States: 0 ] [ Inserted: uid 0 pid 24490 ] pass inet proto tcp from 192.0.2.225 to any port = smtp flags S/SA keep state label "mail-out" [ Evaluations: 2814933 Packets: 2711211 Bytes: 492510664 States: 0 ] [ Inserted: uid 0 pid 24490 ]