PF Statistics
1 view
Skip to first unread message
Doug Hardie
Jun 15, 2025, 12:37:08 PMJun 15
to ques...@freebsd.org
I have been running pftop for several days. Some of the PKTS counts were non-zero yestarday. Today they are zero. The others appear to be reasonable, as in not cleared recently. Table statistics include the date/time when the numbers were last cleared. I could not find anything similar for rules. For example I have a block of anything coming in on the telnet port. Last night it showed 290 PKTS. Today it shows zero. Is there something in pf that periodically clears the statistics? I couldn't find anything in the documentation that addresses this. Thanks,
Update: today it appears that all of the PKTS counts were cleared.
-- Doug
Update: today it appears that all of the PKTS counts were cleared.
-- Doug
Doug Hardie
Aug 14, 2025, 2:07:05 AMAug 14
to ques...@freebsd.org
> On Jun 15, 2025, at 09:36, Doug Hardie <bc...@lafn.org> wrote:
>
> I have been running pftop for several days. Some of the PKTS counts were non-zero yestarday. Today they are zero. The others appear to be reasonable, as in not cleared recently. Table statistics include the date/time when the numbers were last cleared. I could not find anything similar for rules. For example I have a block of anything coming in on the telnet port. Last night it showed 290 PKTS. Today it shows zero. Is there something in pf that periodically clears the statistics? I couldn't find anything in the documentation that addresses this. Thanks,
>
>
> Update: today it appears that all of the PKTS counts were cleared.
After a lot of testing, I have found that the counters are cleared daily between 0301 and 0302. I am not finding any cron activations in that timeframe that appear to affect pf. Is this clearing built into pf?
>
> I have been running pftop for several days. Some of the PKTS counts were non-zero yestarday. Today they are zero. The others appear to be reasonable, as in not cleared recently. Table statistics include the date/time when the numbers were last cleared. I could not find anything similar for rules. For example I have a block of anything coming in on the telnet port. Last night it showed 290 PKTS. Today it shows zero. Is there something in pf that periodically clears the statistics? I couldn't find anything in the documentation that addresses this. Thanks,
>
>
> Update: today it appears that all of the PKTS counts were cleared.
-- Doug
Kevin Oberman
Aug 14, 2025, 6:04:42 PMAug 14
to Doug Hardie, ques...@freebsd.org
Have you looked at periodic(8)? By default the daily runs at 0300 pluss or minus a fuzz value
--
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
Arthur Chance
Aug 15, 2025, 2:57:37 AMAug 15
to Kevin Oberman, Doug Hardie, ques...@freebsd.org
On 14/08/2025 21:03, Kevin Oberman wrote:
> On Wed, Aug 13, 2025 at 11:06 PM Doug Hardie <bc...@lafn.org
> <mailto:bc...@lafn.org>> wrote:
>
> > On Jun 15, 2025, at 09:36, Doug Hardie <bc...@lafn.org
> On Wed, Aug 13, 2025 at 11:06 PM Doug Hardie <bc...@lafn.org
> <mailto:bc...@lafn.org>> wrote:
>
> > On Jun 15, 2025, at 09:36, Doug Hardie <bc...@lafn.org
> <mailto:bc...@lafn.org>> wrote:
> >
> > I have been running pftop for several days. Some of the PKTS
> counts were non-zero yestarday. Today they are zero. The others
> appear to be reasonable, as in not cleared recently. Table
> statistics include the date/time when the numbers were last
> cleared. I could not find anything similar for rules. For example
> I have a block of anything coming in on the telnet port. Last night
> it showed 290 PKTS. Today it shows zero. Is there something in pf
> that periodically clears the statistics? I couldn't find anything
> in the documentation that addresses this. Thanks,
> >
> >
> > Update: today it appears that all of the PKTS counts were cleared.
>
> After a lot of testing, I have found that the counters are cleared
> daily between 0301 and 0302. I am not finding any cron activations
> in that timeframe that appear to affect pf. Is this clearing built
> into pf?
>
> -- Doug
>
>
> Have you looked at periodic(8)? By default the daily runs at 0300 pluss
> or minus a fuzz value
/etc/periodic/security/520.pfdenied, line 46:
> >
> > I have been running pftop for several days. Some of the PKTS
> counts were non-zero yestarday. Today they are zero. The others
> appear to be reasonable, as in not cleared recently. Table
> statistics include the date/time when the numbers were last
> cleared. I could not find anything similar for rules. For example
> I have a block of anything coming in on the telnet port. Last night
> it showed 290 PKTS. Today it shows zero. Is there something in pf
> that periodically clears the statistics? I couldn't find anything
> in the documentation that addresses this. Thanks,
> >
> >
> > Update: today it appears that all of the PKTS counts were cleared.
>
> After a lot of testing, I have found that the counters are cleared
> daily between 0301 and 0302. I am not finding any cron activations
> in that timeframe that appear to affect pf. Is this clearing built
> into pf?
>
> -- Doug
>
>
> Have you looked at periodic(8)? By default the daily runs at 0300 pluss
> or minus a fuzz value
pfctl -a "${_a}" -sr -v -z 2>/dev/null | \
That -z clears statistics.
--
We should have listened when the modems screamed at us.
Doug Hardie
Aug 15, 2025, 3:12:11 AMAug 15
to Arthur Chance, Kevin Oberman, Doug Hardie, ques...@freebsd.org
-- Doug
Reply all
Reply to author
Forward
0 new messages