if memory serves set logingterface for anything but a single interface doesn't lead to the intended results, so this is on purpose. unless you fix the code so that pfctl -si shows the sum for all interfaces in the given group, there is no point at all.
* Han Boetes <[email protected]> [2010-12-16 12:16]: > Hi, > > I took a leap of faith and discovered some options not mentioned > in pf.conf(5). What do you think of this patch? > > > Index: share/man/man5/pf.conf.5 > =================================================================== > RCS file: /cvs/src/share/man/man5/pf.conf.5,v > retrieving revision 1.476 > diff -u -r1.476 pf.conf.5 > --- share/man/man5/pf.conf.5 19 May 2010 13:51:37 -0000 1.476 > +++ share/man/man5/pf.conf.5 16 Dec 2010 09:49:23 -0000 > @@ -1057,15 +1057,15 @@ > .Pp > .Dl # pfctl -s info > .Pp > -In this example > +You can set on which interfaces > .Xr pf 4 > -collects statistics on the interface named dc0: > +collects statistics with: > .Pp > -.Dl set loginterface dc0 > +.Dl set loginterface [if|ifgroup|none|all] > .Pp > -One can disable the loginterface using: > +For example, you can enable logging both bge0 and bge1 with: > .Pp > -.Dl set loginterface none > +.Dl set loginterface bge > .It Ar set optimization > Optimize state timeouts for one of the following network environments: > .Pp > @@ -2608,7 +2608,7 @@ > [ "optimization" [ "default" | "normal" | "high-latency" | > "satellite" | "aggressive" | "conservative" ] ] > [ "limit" ( limit-item | "{" limit-list "}" ) ] | > - [ "loginterface" ( interface-name | "none" ) ] | > + [ "loginterface" ( interface-name | interface-group | > "none" | "all" ) ] | > [ "block-policy" ( "drop" | "return" ) ] | > [ "state-policy" ( "if-bound" | "floating" ) ] > [ "state-defaults" state-opts ] > > > > > # Han > -- Henning Brauer, [email protected], [email protected] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
