On 06/22/2013 10:41 PM, Stan Gammons wrote:
On Sat, 2013-06-22 at 20:51 +0200, Nikos Vassiliadis wrote:
It seems that people think that pf is unmaintained.
Quite a disheartening thing for the person that did the hard work
to create the smp-friendly pf in FreeBSD-10...
My apologies Nikos for thinking PF is not maintained.
I didn't want to make anybody apologize.
I just wanted to add that pf in freebsd is not bad or inferior
compared to the newer pf in openbsd. To some people the performance
gain by smp-pf might be considered more useful than pf.conf
compatibility between different OSes. Other people might need
rdomains and all the other things the freebsd version doesn't have...
Things are just different for quite a while now and they are growing
even more differently. The fork happened for a reason or perhaps for
a lot of reasons.
I was hoping others here could point me to a sysutil that generates
reports for PF like Lire does for IPFilter and etc. I had started work
on modifying one of the existing Lire dlf converters that would
work with a PF log file that had been first processed through tcpdump.
But, I couldn't figure out the format tcpdump uses, so I haven't made
much progress. Can someone here help with the format tcpdump uses on
FreeBSD or point me in the right direction?
Unfortunately there is no support for pf in lire. OTOH it looks
simple enough to hack a custom filter in awk maybe? (sorry I possess
no perl powers)
root@lab:/var/log # tcpdump -nlttttei pflog0 | awk '{ if ($5 == "block") $5 = "b"; print $1,$2,"hostname","PID", $2,$4,$5,$8,$9,$11 }'
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 65535 bytes
2013-06-23 01:12:24.210634 hostname PID 01:12:24.210634 0..16777216/0(match): b bridge0: 192.168.65.1.60491 192.168.65.11.23:
2013-06-23 01:12:28.016297 hostname PID 01:12:28.016297 0..16777216/0(match): b bridge0: 192.168.65.1.40719 192.168.65.12.23:
2013-06-23 01:12:53.307795 hostname PID 01:12:53.307795 0..16777216/0(match): b bridge0: 192.168.65.13.11451 192.168.65.11.23:
2013-06-23 01:12:55.781513 hostname PID 01:12:55.781513 0..16777216/0(match): b bridge0: 192.168.65.13.62921 192.168.65.12.23:
The output format I did here is not correct but with a bit of work
you could come up with something that looks like an IPFilter log.
HTH, Nikos
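An added example, not from the thread, that carries Nikos's awk idea a step further: a shell function that turns `tcpdump -nlttttei pflog0` lines into a flat, IPFilter-style line with host and port split and the protocol guessed from tcpdump's decode. The sample lines, the output layout and the protocol heuristic are my own assumptions (not ipmon's exact format), and only IPv4 addresses are handled.

```shell
#!/bin/sh
# Flatten `tcpdump -nlttttei pflog0` output into one IPFilter-like line per packet.
# Field layout relied on (same as in the thread):
#   $1 date  $2 time  $3 "rule"  $4 rulenr  $5 action  $6 dir  $7 "on"
#   $8 iface:  $9 src[.port]  $10 ">"  $11 dst[.port]:  rest = tcpdump decode
pflog_to_flat() {
    awk '
    # "a.b.c.d.port" -> "a.b.c.d,port"; a bare IPv4 address (ICMP) gets port "-".
    function hostport(s,   n, p) {
        sub(/:$/, "", s)                      # tcpdump appends ":" after dst
        n = split(s, p, ".")
        if (n == 5) return p[1] "." p[2] "." p[3] "." p[4] "," p[5]
        return s ",-"
    }
    # Only packet lines start with "date time rule"; banners are skipped.
    $3 == "rule" {
        act = ($5 == "block") ? "b" : ($5 == "pass") ? "p" : $5
        dir = toupper($6)                     # IN / OUT
        ifc = $8; sub(/:$/, "", ifc)
        # Protocol heuristic (assumed): tcpdump prints "Flags [" for TCP,
        # "UDP," for undecoded UDP, and "ICMP " for ICMP.
        proto = "other"
        if ($0 ~ /Flags \[/) proto = "tcp"
        else if ($0 ~ / UDP,/) proto = "udp"
        else if ($0 ~ / ICMP /) proto = "icmp"
        printf "%s %s %s %s %s -> %s PR %s %s\n",
            $1, $2, ifc, act, hostport($9), hostport($11), proto, dir
    }'
}

# Constructed sample input in the shape tcpdump prints on pflog0 (not real traffic).
SAMPLE_PFLOG='2013-06-23 01:12:24.210634 rule 0..16777216/0(match): block in on bridge0: 192.168.65.1.60491 > 192.168.65.11.23: Flags [S], seq 1, win 65535, length 0
2013-06-23 01:12:30.000001 rule 0..16777216/0(match): pass out on bridge0: 192.168.65.13.5000 > 192.168.65.12.5000: UDP, length 40
2013-06-23 01:12:31.000002 rule 0..16777216/0(match): block in on bridge0: 192.168.65.1 > 192.168.65.11: ICMP echo request, id 1, seq 1, length 64'

# Run the converter over the sample; on a live box replace this with the tcpdump pipe.
demo() { printf '%s\n' "$SAMPLE_PFLOG" | pflog_to_flat; }

demo
```

Run as `tcpdump -nlttttei pflog0 | pflog_to_flat` once the output layout matches whatever Lire converter you end up writing.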
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf