eyeonPF
eyeonPF is a tool I wrote to help me tune PF (OpenBSD) firewalls. The goal was to make it as easy to install and use as possible.
Note: eyeonPF only supports CBQ, as it's what I'm using on the firewalls I manage.
- Install RRDtool and Python from ports
- Enable OpenBSD standard apache and permit access to it
- Create directories for data and web (I use /var/eyeonPF for data and /var/www/htdocs/eyeonPF for web)
- Run eyeonPF from the command line to see that everything is ok. Example: eyeonPF.py -d /var/eyeonPF/ -w /var/www/htdocs/eyeonPF/ -pd -ma
- Run eyeonPF from crontab every five minutes
That's it.
eyeonPF runs the commands "uname -a", "pfctl -s info", "pfctl -s queue -v" and "pfctl -s label" so
the user running eyeonPF needs the privileges to run these commands.
I run this script as root with this entry in crontab
*/5 *
*
*
* /root/local/bin/eyeonPF.py -d
/var/eyeonPF/ -w /var/www/htdocs/eyeonPF/ -pd,w -ma > /dev/null
2>&1
Make sure that python and rrdtool are in the path or the script will be unable to function.
Download eyeonPF from here.
Manual included:
root@stella# eyeonPF.py -h
usage: eyeonPF.py [options]
...
Have fun
/Tony