Feature #3504
closed
Firewall rules hit counter
0%
Description
I'd like to request a hit counter for firewall rules. When viewing the rules, there would be a new column with a count of connection attempts that was accepted or denied by a rule. As well, a rule counter reset button to easily be reset a rule or all rules with a button.
Reasons for this:
1) Makes troubleshooting easier, you can see when a rule is properly being hit when you initiate traffic and the counter goes up for that rule.
2) Helps a firewall admin identify dead rules that are no longer needed during a firewall rule audit.
3) Helps to identify attacks against the network, narrowing it down to certain traffic more quickly by watching the counters.
4) Identifies hot rules that need to be moved to the top of the firewall list for optimization. I like to order my rules in order of usage where possible for performance reasons.
Files
Updated by Chris Buechler over 10 years ago
- Target version deleted (
2.2) - Affected Version deleted (
All)
Updated by Marcello Silva Coutinho over 9 years ago
- File rule_count.png rule_count.png added
with few modifications and a new function, I've got this result.
Is there any info about how often does pfctrl clean counters?
Is it related to /tmp/rules.debug call?
Updated by Travis Kreikemeier over 9 years ago
Marcello, that is awesome! The bytes, packets and states are a very nice touch. However, the evaluations is kind of not helpful. As that is incremented every time a rule is evaluated. Meaning if the rule was in front of a rule that allowed or disallowed the traffic, it would still have been counted as evaluated as it was inspected to see if it matched the traffic. I wish pf had a hit or action count. Or maybe it does and I am just not aware.
Updated by Chris Buechler almost 9 years ago
- Status changed from New to Resolved
- Target version set to 2.3
Marcello's change there has been implemented in 2.3. That addresses subject as best possible