label creates counters for statistics
pass log proto { tcp, udp } from any to $emailserver port smtp \
label "mail-in"
pass log proto { tcp, udp } from $emailserver to any port smtp \
label "mail-out"shows up with pfctl -vs rules, human readable:
$ pfctl -vs rules pass inet proto tcp from any to 192.0.2.225 port = smtp flags S/SA keep state label "mail-in" [ Evaluations: 1664158 Packets: 1601986 Bytes: 763762591 States: 0 ] [ Inserted: uid 0 pid 24490 ] pass inet proto tcp from 192.0.2.225 to any port = smtp flags S/SA keep state label "mail-out" [ Evaluations: 2814933 Packets: 2711211 Bytes: 492510664 States: 0 ] [ Inserted: uid 0 pid 24490 ]
or to feed to a script:
$ sudo pfctl -vsl mail-in 1664158 1601986 763762591 887895 682427415 714091 81335176 mail-out 2814933 2711211 492510664 1407278 239776267 1303933 252734397
label, evaluations, packets passed, bytes passed, packets in, bytes in, packets out, bytes out