I'm running...

 ipf: IP Filter: v4.1.29 (396)
 Kernel: IP Filter: v4.1.29
 Running: yes
 Log Flags: 0 = none set
 Default: pass all, Logging: available
 Active list: 0
 Feature mask: 0x10e

...under NetBSD 5.1 release i386.  I was wondering if there's a way to
partially wildcard an IP address specified with -D or -S as options to
`ipfstat -t'?  For example, this will tell me about SSH connections:

                          ipfstat -t -P tcp -D any,22

What if I'm only interested in such traffic coming from a particular subnet?
-D/-S doesn't seem to accept CIDRs and/or <addr/mask>.  The following kinds
of queries would be helpful:

               ipfstat -t -P tcp -S 192.168.2.0/24,any -D any,22

                  ipfstat -t -P tcp -S 10.2.*.*,any -D any,22

         ipfstat -t -P tcp -S 172.16.4.0/255.255.255.240,any -D any,22

...Maybe in ipf v5.11?

        Also, is the only way to reset the state statistics reported by
`ipfstat' or `ipfstat -s' to reboot?

Regards,
Mike
