On 27 Dec 2019, at 21:49, Franco Fichtner wrote:
Hi,
On 27. Dec 2019, at 6:45 PM, Kristof Provost <kris...@sigsegv.be> wrote:
What are you trying to accomplish?
Some people believe that "last match" is a great metric to audit rules for
intrusion detection and all sorts of ruleset optimisation and refinement.
In OPNsense the question has popped up a few times to support it, but without
doing it in pf(4) directly it makes little sense as you'd have to crawl pflog
output and even then you can't crawl non-log rules this way...
Would SDT probe points be useful for this?
I have a background todo item to add those where they’d be meaningful.
They have the advantage of not really having a cost when they’re not
active, of being really easy to add, and of not imposing ABI changes.
Best regards,
Kristof
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf