Closed GuillaumeHullin closed 4 months ago
rbicelli
commented
7 months ago Hi! I think is easy to implement with pfctl command:
pfctl -sm
states hard limit 809000
src-nodes hard limit 809000
frags hard limit 5000
table-entries hard limit 1200000For example, for table usage, the syntax could be:
pfctl -s info | grep "current entries" | tr -s ' ' | cut -d " " -f4
GuillaumeHullin
commented
7 months ago For example, for table usage, the syntax could be:
pfctl -s info | grep "current entries" | tr -s ' ' | cut -d " " -f4
Correct me if I'm wrong but this is the state table.
I went through the link you sent (btw, now I know what "pf" means in the name pfSense)
Is this command make a logical result for you?
pfctl -vvsTables | grep 'Addresses: ' | awk '{sum += $2} END {print sum}'Looks like that
pfctl -s info | grep "current entries" | tr -s ' ' | cut -d " " -f4Outputs a value closer to this:
pfctl -vvsTables | grep 'Addresses: ' | awk '{sum += $2} END {print sum}'outputs a value way higher than what is displayed in GUI (in my case 17281).
rbicelli
commented
7 months ago Sorry, I read with more attention what you wrote. You want to monitor not only the state table but the whole table usage, so your one-liner return more meaningful value.
This is not an issue but an idea.
I encountered a problem with my pfSense recently, where my table-entries hard limit was too low. In the GUI it's under "Firewall Maximum Table Entries" (https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html)
I was wondering if we could monitor the two items:
The trigger would be "Firewall Maximum Table Entries is too low" when Table Usage Count is more than half Maximum Table Entries.
The only place I could find the Table Usage Count is in the Update of pfBlocker (at the end).
Anybody have an idea which command to use?