On 23 Jun 2013, at 00:55, Nikos Vassiliadis <[email protected]> wrote:

> On 06/22/2013 10:41 PM, Stan Gammons wrote:
>> On Sat, 2013-06-22 at 20:51 +0200, Nikos Vassiliadis wrote:
>>> It seems that people think that pf is unmaintained.
>>> Quite a disheartening thing for the person that did the hard work
>>> to create the smp-friendly pf in FreeBSD-10...
>> 
>> My apologies Nikos for thinking PF is not maintained.
> 
> I didn't want to make anybody apologize.
> 
> I just wanted to add that pf in FreeBSD is not bad or inferior
> compared to the newer pf in OpenBSD. To some people the performance
> gain by smp-pf might be considered more useful than pf.conf
> compatibility between different OSes. Other people might need
> rdomains and all the other things the FreeBSD version doesn't have...
> 
> Things have just been different for quite a while now and they are
> growing even more different. The fork happened for a reason or perhaps
> for a lot of reasons.
> 

On topic, Gleb has put a lot of work into PF in -CURRENT which, IIRC, made a
handful of open PRs irrelevant.


>> I was hoping others here could point me to a sysutil that generates
>> reports for PF like Lire does for IPFilter and etc.  I had started work
>> on modifying one of the existing Lire dlf converters that would
>> work with a PF log file that had been first processed through tcpdump.
>> But, I couldn't figure out the format tcpdump uses, so I haven't made
>> much progress.  Can someone here help with the format tcpdump uses on
>> FreeBSD or point me in the right direction?
> 
> Unfortunately there is no support for pf in Lire. OTOH it looks
> simple enough to hack a custom filter in awk maybe? (Sorry, I possess
> no Perl powers.)
> 
>> root@lab:/var/log # tcpdump -nlttttei pflog0 | awk '{ if ($5 == "block") $5 = "b"; print $1,$2,"hostname","PID", $2,$4,$5,$8,$9,$11 }'
>> tcpdump: WARNING: pflog0: no IPv4 address assigned
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 65535 bytes
>> 2013-06-23 01:12:24.210634 hostname PID 01:12:24.210634 0..16777216/0(match): b bridge0: 192.168.65.1.60491 192.168.65.11.23:
>> 2013-06-23 01:12:28.016297 hostname PID 01:12:28.016297 0..16777216/0(match): b bridge0: 192.168.65.1.40719 192.168.65.12.23:
>> 2013-06-23 01:12:53.307795 hostname PID 01:12:53.307795 0..16777216/0(match): b bridge0: 192.168.65.13.11451 192.168.65.11.23:
>> 2013-06-23 01:12:55.781513 hostname PID 01:12:55.781513 0..16777216/0(match): b bridge0: 192.168.65.13.62921 192.168.65.12.23:
> 
> The output format I did here is not correct but with a bit of work
> you could come up with something that looks like an IPFilter log.
> 
> HTH, Nikos
> 
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "[email protected]"
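
One way to write the awk filter suggested in the thread, added here as an example and not code from any poster: it parses the text that `tcpdump -n -e -tttt` prints for pflog0 into tab-separated fields (rule number, reason, action, direction, interface, endpoints) that a report converter could consume. The sample lines are constructed from the field positions visible in the output above (the `in`, `on` and `>` tokens, the ICMP line and `em0` are assumptions), the function names are hypothetical, and only IPv4 endpoints are split into address and port.

```sh
#!/bin/sh
# Input:  text from  tcpdump -n -e -tttt -l -i pflog0
# Output: one tab-separated record per logged IPv4 packet:
#   date time rule reason action dir ifname src sport dst dport
pflog_to_tsv() {
    awk '
    # Split an IPv4 "a.b.c.d.port" endpoint into the globals ADDR and PORT.
    # A bare address (ICMP and other portless protocols) gets PORT "-".
    function split_ep(ep,    n, p) {
        n = split(ep, p, ".")
        if (n == 5) { ADDR = p[1] "." p[2] "." p[3] "." p[4]; PORT = p[5] }
        else        { ADDR = ep; PORT = "-" }
    }
    # pflog header as printed with -e (layout assumed from the thread):
    #   <date> <time> rule <nr...>(<reason>): <action> <dir> on <if>: <src> > <dst>: ...
    # Anything else (tcpdump banner lines, non-IP frames) is skipped.
    $3 == "rule" && $7 == "on" && $10 == ">" {
        rule = $4;   sub(/[^0-9].*$/, "", rule)      # keep leading digits only
        reason = $4; sub(/^.*\(/, "", reason); sub(/\).*$/, "", reason)
        ifname = $8; sub(/:$/, "", ifname)
        dst = $11;   sub(/:$/, "", dst)
        split_ep($9);  src = ADDR; sport = PORT
        split_ep(dst); dst = ADDR; dport = PORT
        printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n",
            $1, $2, rule, reason, $5, $6, ifname, src, sport, dst, dport
    }'
}

# Constructed sample input: a banner line, two blocked telnet SYNs, one ICMP packet.
sample_lines() {
cat <<'EOF'
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 65535 bytes
2013-06-23 01:12:24.210634 rule 0..16777216/0(match): block in on bridge0: 192.168.65.1.60491 > 192.168.65.11.23: Flags [S], seq 1, win 65535, length 0
2013-06-23 01:12:53.307795 rule 0..16777216/0(match): block in on bridge0: 192.168.65.13.11451 > 192.168.65.11.23: Flags [S], seq 1, win 65535, length 0
2013-06-23 01:13:02.000001 rule 3/0(match): pass out on em0: 192.168.65.1 > 192.168.65.11: ICMP echo request, id 1, seq 0, length 64
EOF
}

sample_lines | pflog_to_tsv
```

On a live system the same function reads from `tcpdump -n -e -tttt -l -i pflog0` in place of `sample_lines`.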