On 03/28/18 15:04, 3 wrote:
> Hi guys. When the pflow option first appeared, I was surprised by the
> stupidity of those who implemented it: pflow could not be specified
> for block rules, i.e. dropped packets were not taken into account. as

Hm. You've suffered nine years of this stupidity of others but have not
been able to add labels to your block rules?

Just as an experiment I added labels to the block rules on my
most-easily-reachable-from-here gateway, as in

block log (all) label blockgen
block drop log (all) quick from <portalbrutes> label portalbrutes
block drop log (all) quick from <abusives> label abusives
block drop log (all) quick from <webtrash> label webtrash
block drop log (all) quick from <bruteforce> label bruteforce

block drop log (all) quick from <longterm> label longterm
block in log (all) on ! lo0 proto tcp to port 6000:6010 label remotex11

and voila, pfctl -sl gives me after a few minutes

[Wed Mar 28 16:15:29] peter@skapet:~$ sudo pfctl -vsl
blockgen 3739 452 19856 448 19664 4 192 0
portalbrutes 3739 0 0 0 0 0 0 0
abusives 3739 301 14681 301 14681 0 0 0
webtrash 3438 0 0 0 0 0 0 0
bruteforce 3438 0 0 0 0 0 0 0
longterm 3438 0 0 0 0 0 0 0
remotex11 3438 0 0 0 0 0 0 0

man pf.conf is your friend, please consult there before letting
resentment stew for years next time, huh?

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

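As an added example (not part of the thread, and not code from the poster), here is a small parser for the `pfctl -vsl` label output shown above; since those counters are cumulative since ruleset load, it also diffs two snapshots so a label's hit count per interval can be watched. The snapshots are constructed to resemble the output in the mail.

```python
from typing import Dict, List

# Column order of pfctl -s labels: label, evaluations, packets, bytes,
# packets in, bytes in, packets out, bytes out, state creations.
FIELDS = ("evals", "pkts", "bytes", "pkts_in", "bytes_in",
          "pkts_out", "bytes_out", "states")

# Constructed snapshots modelled on the pfctl -vsl output above (not live data).
SNAPSHOT_T0 = """\
blockgen 3739 452 19856 448 19664 4 192 0
portalbrutes 3739 0 0 0 0 0 0 0
abusives 3739 301 14681 301 14681 0 0 0
webtrash 3438 0 0 0 0 0 0 0
"""
SNAPSHOT_T1 = """\
blockgen 4100 470 20600 466 20408 4 192 0
portalbrutes 4100 25 1500 25 1500 0 0 0
abusives 4100 301 14681 301 14681 0 0 0
webtrash 3800 0 0 0 0 0 0 0
"""

def parse_labels(text: str) -> Dict[str, Dict[str, int]]:
    """Return {label: {field: value}} for every well-formed line.

    The label is taken as everything before the last eight numeric columns,
    so a label that contains spaces still parses; blank or short lines are skipped.
    """
    stats: Dict[str, Dict[str, int]] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < len(FIELDS) + 1 or not all(p.isdigit() for p in parts[-len(FIELDS):]):
            continue
        label = " ".join(parts[:-len(FIELDS)])
        stats[label] = dict(zip(FIELDS, (int(v) for v in parts[-len(FIELDS):])))
    return stats

def labels_with_hits(stats: Dict[str, Dict[str, int]]) -> List[str]:
    """Labels whose rule has matched at least one packet since the ruleset was loaded."""
    return sorted(label for label, c in stats.items() if c["pkts"] > 0)

def delta(before: Dict[str, Dict[str, int]],
          after: Dict[str, Dict[str, int]]) -> Dict[str, Dict[str, int]]:
    """Counter increase per label between two snapshots.

    A label missing from the earlier snapshot counts from zero; a counter that
    went down (ruleset reloaded in between) is reported as 0 rather than negative.
    """
    out: Dict[str, Dict[str, int]] = {}
    for label, now in after.items():
        prev = before.get(label, {f: 0 for f in FIELDS})
        out[label] = {f: max(0, now[f] - prev[f]) for f in FIELDS}
    return out
```

Run `labels_with_hits(delta(t0, t1))` on two consecutive snapshots to list only the block rules that caught something in that interval.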