> On 03/28/18 15:04, 3 wrote:
>> hi guys. when the pflow option first appeared, i was surprised by the
>> stupidity of those who implemented it- pflow could not be specified
>> for block-rules, i.e. dropped packets were not taken into account. as

> hm. you've suffered nine years of this stupidity of others but have not
> been able to add labels to your block rules?

> Just as an experiment I added labels to the block rules on my
> most-easily-reachable-from-here gateway, as in

> block log (all) label blockgen
> block drop log (all) quick from <portalbrutes> label portalbrutes
> block drop log (all) quick from <abusives> label abusives
> block drop log (all) quick from <webtrash> label webtrash
> block drop log (all) quick from <bruteforce> label bruteforce

> block drop log (all) quick from <longterm> label longterm
> block in log (all) on ! lo0 proto tcp to port 6000:6010 label remotex11

> and voila, pfctl -sl gives me after a few minutes

> [Wed Mar 28 16:15:29] peter@skapet:~$ sudo pfctl -vsl
> blockgen 3739 452 19856 448 19664 4 192 0
> portalbrutes 3739 0 0 0 0 0 0 0
> abusives 3739 301 14681 301 14681 0 0 0
> webtrash 3438 0 0 0 0 0 0 0
> bruteforce 3438 0 0 0 0 0 0 0
> longterm 3438 0 0 0 0 0 0 0
> remotex11 3438 0 0 0 0 0 0 0

> man pf.conf is your friend, please consult there before letting
> resentment stew for years next time, huh?

maybe i'm so dumb and blind to see pflow here.. and maybe deal not in
me. where is pflow?
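
The per-label counters quoted above can be turned into a short report of which labelled block rules are actually matching traffic. This is an added example, not part of the original thread: the function names `label_hits` and `sample_output` are made up here, the column order follows the `-s labels` description in pfctl(8), and labels are assumed to contain no whitespace.

```shell
#!/bin/sh
# Summarise `pfctl -vsl` output: one line per label that matched packets.
# Columns per pfctl(8) -s labels: label, evaluations, packets, bytes,
# packets in, bytes in, packets out, bytes out, state creations.
# Assumption: labels contain no whitespace (true for the rules quoted above).

label_hits() {
    awk '
    # Skip lines that are not a label plus eight counters, such as a
    # shell prompt captured together with the command output.
    NF != 9 { next }
    {
        for (i = 2; i <= 9; i++)
            if ($i !~ /^[0-9]+$/) next
        # Sanity check: in + out must add up to the totals.
        if ($5 + $7 != $3 || $6 + $8 != $4) {
            printf "%s inconsistent\n", $1
            next
        }
        # Report only labels whose rule matched at least one packet.
        if ($3 > 0)
            printf "%s packets=%d bytes=%d in=%d out=%d\n", $1, $3, $4, $5, $7
    }'
}

# Sample input: the counters quoted in the message above.
sample_output() {
    cat <<'EOF'
[Wed Mar 28 16:15:29] peter@skapet:~$ sudo pfctl -vsl
blockgen 3739 452 19856 448 19664 4 192 0
portalbrutes 3739 0 0 0 0 0 0 0
abusives 3739 301 14681 301 14681 0 0 0
webtrash 3438 0 0 0 0 0 0 0
bruteforce 3438 0 0 0 0 0 0 0
longterm 3438 0 0 0 0 0 0 0
remotex11 3438 0 0 0 0 0 0 0
EOF
}

# On a live gateway: pfctl -vsl | label_hits
sample_output | label_hits
```

With the quoted counters, only `blockgen` and `abusives` are reported; the other labels were evaluated but matched no packets in that interval.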
