Firewall rules hit counter
I'd like to request a hit counter for firewall rules. When viewing the rules, there would be a new column with a count of connection attempts that were accepted or denied by a rule. As well, a counter reset button to easily reset a rule or all rules with a click.
Reasons for this:
1) Makes troubleshooting easier: you can see that a rule is properly being hit when you initiate traffic and the counter goes up for that rule.
2) Helps a firewall admin identify dead rules that are no longer needed during a firewall rule audit.
3) Helps to identify attacks against the network, narrowing it down to certain traffic more quickly by watching the counters.
4) Identifies hot rules that need to be moved to the top of the firewall list for optimization. I like to order my rules in order of usage where possible for performance reasons.
Updated by Travis Kreikemeier about 6 years ago
Marcello, that is awesome! The bytes, packets and states are a very nice touch. However, the evaluations counter is kind of not helpful, as it is incremented every time a rule is evaluated. Meaning that if the rule was in front of the rule that allowed or disallowed the traffic, it would still have been counted as evaluated, as it was inspected to see if it matched the traffic. I wish pf had a hit or action count. Or maybe it does and I am just not aware.
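An added example (editor's code, not from this tracker, pf or Marcello's change): it parses the verbose per-rule counters that pf exposes, assuming the `pfctl -vsr` line format `[ Evaluations: ... Packets: ... Bytes: ... States: ... ]`, from a constructed sample and separates the two numbers the comment above distinguishes: Evaluations, which only counts that the rule was inspected, and Packets, which counts actual matches, so dead-rule candidates and hot rules can be listed for an audit.

```python
import re
from typing import Dict, List

# Constructed sample of `pfctl -vsr` output (not captured from a real host).
# Assumption: each rule line is unindented and is followed by an indented
# counter line in pf's verbose format.
SAMPLE_PFCTL_VSR = """\
block drop in log all
  [ Evaluations: 15000    Packets: 120       Bytes: 9600       States: 0     ]
  [ Inserted: uid 0 pid 4242 State Creations: 0     ]
pass in quick on em0 inet proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 14880    Packets: 3100      Bytes: 412000     States: 2     ]
  [ Inserted: uid 0 pid 4242 State Creations: 31    ]
pass in quick on em0 inet proto tcp from any to any port = 8443 flags S/SA keep state
  [ Evaluations: 11780    Packets: 0         Bytes: 0          States: 0     ]
  [ Inserted: uid 0 pid 4242 State Creations: 0     ]
"""

COUNTER_RE = re.compile(
    r"\[\s*Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)\s*\]"
)
FIELDS = ("evaluations", "packets", "bytes", "states")


def parse_rule_counters(text: str) -> List[Dict[str, object]]:
    """Pair every rule line with the counter line that follows it."""
    rules: List[Dict[str, object]] = []
    current = None
    for line in text.splitlines():
        if line and not line.startswith(" "):  # rule text is unindented
            current = {"rule": line.strip()}
            rules.append(current)
            continue
        m = COUNTER_RE.search(line)
        if m and current is not None:
            current.update(zip(FIELDS, map(int, m.groups())))
    return rules


def dead_rule_candidates(rules: List[Dict[str, object]]) -> List[str]:
    """Rules that were inspected but never matched a packet.
    Packets is the hit count; Evaluations alone proves nothing, since a rule is
    evaluated whenever traffic reaches it, even if a later rule decides."""
    return [str(r["rule"]) for r in rules
            if int(r.get("evaluations", 0)) > 0 and int(r.get("packets", 0)) == 0]


def hot_rules(rules: List[Dict[str, object]]) -> List[str]:
    """Matched rules ordered by packets, the usage order the request argues for."""
    hit = [r for r in rules if int(r.get("packets", 0)) > 0]
    return [str(r["rule"]) for r in sorted(hit, key=lambda r: int(r["packets"]), reverse=True)]
```

Run it against real `pfctl -vsr` output by reading that text instead of the sample; counters reset on `pfctl -z`, so an audit should note when they were last zeroed.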