Hermes Ojeda Ruiz <hermes....@gmail.com> writes: > I'm working with a OpenBSD firewall on embedded hardware, and the client > want to know the bandwidth consume by IP address. > > I don't know if this is possible using PF, another tool or making scripts to > get the information.
There are a few options available. One is to write the rule set with labels to collect statistics, making sure the labels are one per IP address. The other main option is to use pflow(4), with 'set state-defaults pflow' or 'keep state (pflow)' for individual rules in your rule set, set up a collector somewhere and extract the data you need per IP address. If you go for pflow, the pflow man page will get you started. I'd recommend taking a look at Michael W. Lucas' recent book for the Netflow analysis part, while the upcoming second edition of the Book of PF contains a bit of material about both approaches too (the first edition has only the labels part). - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
