[SOLVED] Firewall rules statistic counters: after what time will they be reset?

Started by JasMan, July 16, 2022, 02:08:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 16, 2022, 02:08:11 PM Last Edit: July 23, 2022, 03:20:09 PM by JasMan
Hey,

I'm often looking onto the "Inspect" page of my firewall rules to check if a rule has been hit.
Now I noticed that the statistics get reset after a short time (1 or 2 hours). As far as I can remember the counters have been never reseted in the past, only if I reloaded the rules.

Is this a new behaviour in 22.1?

Jas Man
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
July 23, 2022, 03:19:27 PM #1
Hi again,

The reset of the counters happens every 15 minutes. It's caused by the scheduled filter reload script, which is executed every 15 minutes when a schedule rule is active. I created a schedule rule some weeks ago, and I didn't saw the connection between this two things until today.

I guess it is not a bug, more an expected behaviour. Not really nice, but OK when you know it.

Make it sense to open a feature request for this?
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
August 01, 2022, 11:25:47 AM #2
Quote from: JasMan on July 23, 2022, 03:19:27 PM
Hi again,

The reset of the counters happens every 15 minutes. It's caused by the scheduled filter reload script, which is executed every 15 minutes when a schedule rule is active. I created a schedule rule some weeks ago, and I didn't saw the connection between this two things until today.

I guess it is not a bug, more an expected behaviour. Not really nice, but OK when you know it.

Make it sense to open a feature request for this?

Interesting as I don't have any scheduled rule but the counters are reset on a regular basis (not sure about the interval of time between reset but it's quite frequent..)

I wonder if there's any way to fix this behavior (I use the Inspect function quite a lot to keep under control how some specific rules behave..., number of it's and amount of data).

Any idea on how to stop the 'reset'?

Thanks :)
August 01, 2022, 11:28:45 AM #3
This does happen on a full pfctl -f run. There isn't any way to retain the previous data if all rules are cleared and readded. They might have changed and there is no way to correlate any of this with previous rules (and their stats).

I think there are ways to modify individual pf rules so that in general stats are retained because other rules are not modified, but that won't work for our system integration.


Cheers,
Franco
August 01, 2022, 02:05:39 PM #4
Thank you @franco.
I will close my feature request #5915 with your answer.
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
Print
Go Up Pages1
User actions