Feature #14611
tracking flows and added context
Status: Closed
Description
pfSense does not have a cleaner way to track flows going through the firewall.
Seeing if a packet matches a rule is good, but there isn't much information related to that flow that can be gathered.
Bytes sent and received are an excellent way to know there is bidirectional communication happening and can eliminate routing/firewall issues during the course of troubleshooting. Or perhaps how much data was exchanged for a particular session on a specific date? If the firewall is the central device controlling flows, today there is no way to get basic context about flows.
Not sure how this would work in its current state. Lots of data in a high-volume environment, and so a database would need to be installed as well: SQLite, with an option for an external database.
Overall, I am advocating for a bit more data, if possible, to be gathered from pf's established flows.
I did start a forum question on this.
https://forum.netgate.com/topic/181758/tracking-flows/3?_=1690295939884
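As an added example (not part of the feature request and not pfSense code), this is the check the description asks for: reading per-state packet and byte counters from `pfctl -s state -vv` output to confirm that a session actually sees return traffic. The sample output below is constructed to follow that command's format rather than captured from a firewall, and the `in:out` counter pairs are assumed to be in the order pf prints them.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of `pfctl -s state -vv` output (FreeBSD pf);
# not captured from a real pfSense system.
SAMPLE = """\
all tcp 203.0.113.10:443 <- 192.168.1.20:51234       ESTABLISHED:ESTABLISHED
   [1234567890 + 65535] wscale 7  [987654321 + 29200] wscale 7
   age 00:02:15, expires in 23:57:45, 412:387 pkts, 31204:512300 bytes, rule 47
   id: 000000006400a1b2 creatorid: 1a2b3c4d
all udp 192.168.1.20:53210 -> 198.51.100.5:53       SINGLE:NO_TRAFFIC
   age 00:00:08, expires in 00:00:52, 3:0 pkts, 210:0 bytes, rule 12
   id: 000000006400a1b3 creatorid: 1a2b3c4d
"""

# First line of each state: interface, protocol, endpoints, then the state pair.
HEADER = re.compile(r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<endpoints>.+?)\s{2,}(?P<state>\S+)$")
# Counter line: packets and bytes per direction, plus the rule that created the state.
COUNTERS = re.compile(
    r"(?P<p0>\d+):(?P<p1>\d+) pkts, (?P<b0>\d+):(?P<b1>\d+) bytes, rule (?P<rule>\d+)")


@dataclass
class Flow:
    proto: str
    endpoints: str
    state: str
    pkts: tuple[int, int]    # packets seen in each direction
    bytes: tuple[int, int]   # bytes seen in each direction
    rule: int

    def bidirectional(self) -> bool:
        # Packets in both directions rule out a one-way routing or filtering problem.
        return self.pkts[0] > 0 and self.pkts[1] > 0


def parse_states(text: str) -> list[Flow]:
    """Turn `pfctl -s state -vv` text into Flow records with per-direction counters."""
    flows, header = [], None
    for line in text.splitlines():
        m = HEADER.match(line)           # only unindented lines match the header form
        if m:
            header = m.groupdict()
            continue
        c = COUNTERS.search(line)
        if c and header:
            flows.append(Flow(header["proto"], header["endpoints"], header["state"],
                              (int(c["p0"]), int(c["p1"])), (int(c["b0"]), int(c["b1"])),
                              int(c["rule"])))
            header = None
    return flows


def one_way(flows: list[Flow]) -> list[Flow]:
    """States with traffic in only one direction: the troubleshooting shortlist."""
    return [f for f in flows if not f.bidirectional()]
```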
Updated by Jim Pingle about 2 years ago
- Status changed from New to Rejected
That's what ntop/softflowd/netflow in general are for. That sort of data storage and drill-down shouldn't be happening on the firewall, ideally. You'd want to be storing that elsewhere for processing over time.
You can get a lot of that with ntopng on the firewall, but you have to watch its disk space/CPU usage carefully.