Created attachment 165917 [details] 520.pfdenied patch to add -z flag /etc/periodic/security/520.pfdenied produces reports based on /var/log/pf.today and /var/log/pf.yesterday This implies that the counts in the report are for one day only. The counter is never reset, so the counts are cumulative and therefore not particularly useful as reported. Add the "-z" flag to the pfctl command in 520.pf.denied so that the stats are zeroed daily
A commit references this bug: Author: lidl Date: Tue Feb 9 21:00:39 UTC 2016 New revision: 295452 URL: https://svnweb.freebsd.org/changeset/base/295452 Log: Zero pf rule counters so daily reports make sense Zero pf rule counters so that each daily report lists an absolute number of rejected packets, not the total since the last time the machine rebooted (or the counters were manually cleared). PR: 206467 Submitted by: Rick Adams Approved by: rpaulo (mentor) Differential Revision: https://reviews.freebsd.org/D5172 Changes: head/etc/periodic/security/520.pfdenied
There is a commit referencing this PR, but it's still not closed and has been inactive for some time. Closing the PR as fixed but feel free to re-open it if the issue hasn't been completely resolved. Thanks