BSD - PF (Packet Filter) Firewall - Check Performance Info
Display the status and performance counters:
sudo pfctl -s info
returns:
Status: Enabled for 6 days 00:46:20           Debug: Urgent

Interface Stats for em1               IPv4             IPv6
  Bytes In                   1149403503320         33176217
  Bytes Out                  1150178903082         13839856
  Packets In
    Passed                      1766522619            55187
    Blocked                          72406           295636
  Packets Out
    Passed                      1659081080           166266
    Blocked                           1373                0

State Table                          Total             Rate
  current entries                      385
  searches                      6921428573        13280.3/s
  inserts                          5940516           11.4/s
  removals                         5940131           11.4/s
Counters
  match                            6528801           12.5/s
  bad-offset                             0            0.0/s
  fragment                             999            0.0/s
  short                                  0            0.0/s
  normalize                             12            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              2            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                       381            0.0/s
  state-insert                           6            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
  map-failed                             0            0.0/s
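Reading this output by eye works once; in practice you want the numbers in a structure so a monitoring job can alert on them. The following Python script is an added example (not part of the original page and not a pfctl or pfstat tool): it parses the pfctl -s info format shown above into a dictionary and then applies two checks a firewall operator cares about. The "pressure" counters (memory, congestion, state-limit, src-limit, synproxy) are zero on a healthy box, so any non-zero value is worth a look because it means PF itself, not just the traffic, is under strain; and a high blocked-to-passed packet ratio per address family and direction points at either a misconfigured rule set or a host that is being scanned. The sample text embedded in the script is constructed from the values on this page, and the 5% block-ratio threshold is an assumed default, not something PF defines.

```python
"""Parse `pfctl -s info` output and flag counters that indicate firewall stress.

Added example, not part of the original page. The SAMPLE text below is
constructed from the values shown on the page; the 5% block-ratio threshold
is an assumed default, not a PF-defined limit.
"""
import re
import sys

SAMPLE = """\
Status: Enabled for 6 days 00:46:20           Debug: Urgent

Interface Stats for em1               IPv4             IPv6
  Bytes In                   1149403503320         33176217
  Bytes Out                  1150178903082         13839856
  Packets In
    Passed                      1766522619            55187
    Blocked                          72406           295636
  Packets Out
    Passed                      1659081080           166266
    Blocked                           1373                0

State Table                          Total             Rate
  current entries                      385
  searches                      6921428573        13280.3/s
  inserts                          5940516           11.4/s
  removals                         5940131           11.4/s
Counters
  match                            6528801           12.5/s
  fragment                             999            0.0/s
  memory                                 0            0.0/s
  congestion                             0            0.0/s
  state-mismatch                       381            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
"""

# A trailing token is a value if it is an integer, a float, or a rate like "12.5/s".
NUM = re.compile(r"^\d+(?:\.\d+)?(?:/s)?$")

# Counters whose growth means PF itself is under pressure (table limits,
# memory exhaustion, SYN-proxy activity) rather than ordinary blocked traffic.
PRESSURE_COUNTERS = ("memory", "congestion", "state-limit", "src-limit", "synproxy")


def _split(line):
    """Split a line into (name, [trailing numeric tokens])."""
    tokens = line.split()
    vals = []
    while tokens and NUM.match(tokens[-1]):
        vals.insert(0, tokens.pop())
    return " ".join(tokens), vals


def parse_pf_info(text):
    """Return {"status", "interface", "state_table", "counters"} from pfctl -s info text."""
    info = {"status": None, "interface": {}, "state_table": {}, "counters": {}}
    section, prefix = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Status:"):
            info["status"] = line.split("Debug:")[0].strip()
        elif line.startswith("Interface Stats"):
            section, prefix = "interface", ""
        elif line.startswith("State Table"):
            section = "state_table"
        elif line.startswith("Counters"):
            section = "counters"
        elif section == "interface":
            name, vals = _split(line)
            if not vals:                      # "Packets In" / "Packets Out" sub-header
                prefix = name + " "
            else:
                key = (prefix + name).lower().replace(" ", "_")
                info["interface"][key] = {"ipv4": int(vals[0]), "ipv6": int(vals[1])}
        elif section == "state_table":
            name, vals = _split(line)
            entry = {"total": int(vals[0])}
            if len(vals) > 1:                 # "current entries" has no rate column
                entry["rate"] = float(vals[1][:-2])
            info["state_table"][name.lower().replace(" ", "_")] = entry
        elif section == "counters":
            name, vals = _split(line)
            info["counters"][name] = {"total": int(vals[0]), "rate": float(vals[1][:-2])}
    return info


def health_findings(info, block_ratio_threshold=0.05):
    """Return human-readable findings; an empty list means nothing looks wrong."""
    findings = []
    for name in PRESSURE_COUNTERS:
        c = info["counters"].get(name)
        if c and c["total"] > 0:
            findings.append(f"counter {name} is non-zero ({c['total']})")
    for direction in ("in", "out"):
        for fam in ("ipv4", "ipv6"):
            passed = info["interface"][f"packets_{direction}_passed"][fam]
            blocked = info["interface"][f"packets_{direction}_blocked"][fam]
            total = passed + blocked
            if total and blocked / total > block_ratio_threshold:
                findings.append(f"{fam} {direction}bound block ratio {blocked / total:.1%}")
    return findings


if __name__ == "__main__":
    # Usage on the firewall: sudo pfctl -s info | python3 pf_health.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for finding in health_findings(parse_pf_info(text)) or ["no findings"]:
        print(finding)
```

On the page's own numbers the script reports only the IPv6 inbound block ratio (about 84%), which is what you would expect on a host that blocks most unsolicited IPv6 traffic, and it stays silent on the pressure counters because all of them are zero; the same parser can be fed from a cron job the way pfstat is below, with the findings pushed to syslog or a monitoring system.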
Graphing PF Performance Data
pfstat can be used to collect and graph statistics exported through the /dev/pf pseudo-device.
pfstat -q
returns:
1101400143 1101219586 483226347 25637411 0 0 496899 3866 325988 0 0 0 0 0 6 1692642 17030 17024 879499 0 2 0 0 0
NOTE: This queries the current value of each statistics counter.
pfstat uses this data to generate historical utilization graphs, so the data should be collected at periodic intervals if graphs are desired.
The following cron job will collect statistics every five minutes, and append the results to /var/log/pfstat/pfstat:
*/5 * * * * /usr/local/bin/pfstat -q >> /var/log/pfstat/pfstat
Graph the data that is collected
A pfstat configuration file is needed.
This file describes the graphs to generate, how to display the data, and where to store the output. The following example shows the pfstat configuration required to graph state table data:
image "/home/peter/pfstat/images/state_table.jpg" {
        from 3 months to now
        width 800 height 300
        left
                graph states_entries label "state table entries" color 0 255 0,
                graph states_searches label "state table searches" color 255 0 0,
                graph states_inserts label "state table insertions" color 0 0 255,
                graph states_removals label "state table removals" color 0 0 0
}
NOTE: The pfstat configuration file contains one or more image directives.
Each image directive is followed by the file name of the image to generate, and a set of curly braces to control the attributes of the image.
- from: selects the start of the time interval to graph. An integer value and a time frame (minutes, hours, days, weeks, months, years) control how far back pfstat will go when processing data.
- to: selects the end of the time interval to graph, and determines how pfstat processes new data elements. now indicates the current time.
- height: sets the height of the image in pixels.
- width: sets the width of the image in pixels.
- left: aligns the text on the left side of the graph; right would align it on the right side.
- graph statements: control which data is graphed. pfstat can graph packets, bytes, state table information, and several miscellaneous packet counters.
- label: the label assigned to the graph.
- color: the colors used to draw the entries on the graph.
Execute pfstat, and pass the configuration and data file as arguments:
pfstat -c /etc/pfstat/pfstat.conf -d /var/log/pfstat/pfstat >/dev/null
Example pfstat config file
Here is a pfstat.conf to graph IPv4, IPv6, and state table information:
image "/var/www/htdocs/pfstat/ipv4_bytes.jpg" {
        from 3 months to now
        width 800 height 300
        left
                graph bytes_v4_in label "incoming" color 0 255 0,
                graph bytes_v4_out label "outgoing" color 255 0 0
}

image "/var/www/htdocs/pfstat/ipv6_bytes.jpg" {
        from 3 months to now
        width 800 height 300
        left
                graph bytes_v6_in label "incoming" color 0 255 0,
                graph bytes_v6_out label "outgoing" color 255 0 0
}

image "/var/www/htdocs/pfstat/ipv4_connections.jpg" {
        from 3 months to now
        width 800 height 300
        left
                graph packets_v4_in_pass label "passed in v4" color 0 255 0,
                graph packets_v4_out_pass label "passed out v4" color 255 0 0,
                graph packets_v4_in_drop label "dropped in v4" color 0 0 255,
                graph packets_v4_out_drop label "dropped out v4" color 255 0 255
}

image "/var/www/htdocs/pfstat/ipv6_connections.jpg" {
        from 3 months to now
        width 800 height 300
        left
                graph packets_v6_in_pass label "passed in v6" color 0 255 0,
                graph packets_v6_out_pass label "passed out v6" color 255 0 0,
                graph packets_v6_in_drop label "dropped in v6" color 0 0 255,
                graph packets_v6_out_drop label "dropped out v6" color 0 0 0
}

image "/var/www/htdocs/pfstat/state_table.jpg" {
        from 3 months to now
        width 800 height 300
        left
                graph states_entries label "state table entries" color 0 255 0,
                graph states_searches label "state table searches" color 255 0 0,
                graph states_inserts label "state table insertions" color 0 0 255,
                graph states_removals label "state table removals" color 0 0 0
}