Re: altq for vlans?

From: Max Laier (max_at_love2party.net)
Date: 02/14/05

    To: freebsd-net@freebsd.org
    Date: Mon, 14 Feb 2005 14:25:53 +0100
    
    
    

    On Monday 14 February 2005 10:43, Jeremie Le Hen wrote:
    > > Anyways, the _real_ problem is that traditionally, I'd used firewall
    > > rules for accounting as well as security. To that end, labels are
    > > very cool. However, they have one rather large defect:
    > >
    > > If you're dealing with keep state rules, there seems to be no obvious
    > > way to account for incoming vs. outgoing traffic. The label only
    > > reports total traffic for the state matching the rule... which is both
    > > in and out.
    >
    > This is a workaround, but I found that ipfw's count rules are pretty
    > useful for this purpose. This would however add processing overhead
    > for each packet especially using gigabit Ethernet.

    Did you try to use tables? I think it's one of the best tools for easy
    accounting.

    $ pfctl -vvT show -t test
       192.168.0.1
            Cleared: Mon Feb 14 14:19:39 2005
            In/Block: [ Packets: 0 Bytes: 0 ]
            In/Pass: [ Packets: 2 Bytes: 168 ]
            Out/Block: [ Packets: 0 Bytes: 0 ]
            Out/Pass: [ Packets: 2 Bytes: 168 ]

    It does count everything on stateful rules and it's easy to monitor subnets
    and whatnot. See the various manual pages and the OpenBSD FAQ for more about
    tables. You might also want to have a look at pfflowd from ports, which is
    able to translate pfsync messages into flows for accounting purposes.

    -- 
    /"\  Best regards,                      | mlaier@freebsd.org
    \ /  Max Laier                          | ICQ #67774661
     X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
    / \  ASCII Ribbon Campaign              | Against HTML Mail and News
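
The per-address counters shown in the message can be turned into separate incoming and outgoing totals with a small parser. This is an added example, not part of the original message: it assumes the `pfctl -vvT show` layout quoted above, and the function names and the second table entry are constructed for illustration.

```python
import re

# Counter line as printed by `pfctl -vvT show`, e.g. "In/Pass: [ Packets: 2 Bytes: 168 ]"
COUNTER = re.compile(
    r"^\s*(In|Out)/(Block|Pass):\s*\[\s*Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s*\]")

# First entry is the output quoted in the message; the second is constructed.
SAMPLE = """\
   192.168.0.1
        Cleared: Mon Feb 14 14:19:39 2005
        In/Block: [ Packets: 0 Bytes: 0 ]
        In/Pass: [ Packets: 2 Bytes: 168 ]
        Out/Block: [ Packets: 0 Bytes: 0 ]
        Out/Pass: [ Packets: 2 Bytes: 168 ]
   192.168.0.2
        Cleared: Mon Feb 14 14:19:39 2005
        In/Block: [ Packets: 1 Bytes: 60 ]
        In/Pass: [ Packets: 10 Bytes: 1500 ]
        Out/Block: [ Packets: 0 Bytes: 0 ]
        Out/Pass: [ Packets: 7 Bytes: 420 ]
"""

def parse_table_stats(text):
    """Return {address: {"in": {...}, "out": {...}}} split by pass/block."""
    stats, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("Cleared:"):
            continue
        m = COUNTER.match(line)
        if m is None:  # any other line starts a new host or network entry
            current = stripped
            stats[current] = {"in": {}, "out": {}}
            continue
        if current is None:
            raise ValueError("counter line before any address: %r" % line)
        direction, action, pkts, nbytes = m.groups()
        stats[current][direction.lower()][action.lower()] = {
            "packets": int(pkts), "bytes": int(nbytes)}
    return stats

def passed_bytes(stats, direction):
    """Bytes passed in one direction ("in" or "out"), summed over the table."""
    return sum(e[direction].get("pass", {}).get("bytes", 0) for e in stats.values())

if __name__ == "__main__":
    table = parse_table_stats(SAMPLE)
    for d in ("in", "out"):
        print(d, passed_bytes(table, d))
```
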
    
    


