if memory serves set logingterface for anything but a single
interface doesn't lead to the intended results, so this is on purpose.
unless you fix the code so that pfctl -si shows the sum for all
interfaces in the given group, there is no point at all.
* Han Boetes <han@mijncomputer.nl> [2010-12-16 12:16]:
quoted text > Hi,
>
> I took a leap of faith and discovered some options not mentioned
> in pf.conf(5). What do you think of this patch?
>
>
> Index: share/man/man5/pf.conf.5
> ===================================================================
> RCS file: /cvs/src/share/man/man5/pf.conf.5,v
> retrieving revision 1.476
> diff -u -r1.476 pf.conf.5
> --- share/man/man5/pf.conf.5 19 May 2010 13:51:37 -0000 1.476
> +++ share/man/man5/pf.conf.5 16 Dec 2010 09:49:23 -0000
> @@ -1057,15 +1057,15 @@
> .Pp
> .Dl # pfctl -s info
> .Pp
> -In this example
> +You can set on which interfaces
> .Xr pf 4
> -collects statistics on the interface named dc0:
> +collects statistics with:
> .Pp
> -.Dl set loginterface dc0
> +.Dl set loginterface [if|ifgroup|none|all]
> .Pp
> -One can disable the loginterface using:
> +For example, you can enable logging both bge0 and bge1 with:
> .Pp
> -.Dl set loginterface none
> +.Dl set loginterface bge
> .It Ar set optimization
> Optimize state timeouts for one of the following network environments:
> .Pp
> @@ -2608,7 +2608,7 @@
> [ "optimization" [ "default" | "normal" | "high-latency" |
> "satellite" | "aggressive" | "conservative" ] ]
> [ "limit" ( limit-item | "{" limit-list "}" ) ] |
> - [ "loginterface" ( interface-name | "none" ) ] |
> + [ "loginterface" ( interface-name | interface-group | "none" | "all" ) ] |
> [ "block-policy" ( "drop" | "return" ) ] |
> [ "state-policy" ( "if-bound" | "floating" ) ]
> [ "state-defaults" state-opts ]
>
>
>
>
> # Han
>
--
Henning Brauer,
hb@bsws.de ,
henning@openbsd.org
BS Web Services,
http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
