1-- 2-- ---------------------------------------------------------------------------- 3-- "THE BEER-WARE LICENSE" (Revision 42): 4-- <philip@FreeBSD.org> wrote this file. As long as you retain this notice you 5-- can do whatever you want with this stuff. If we meet some day, and you think 6-- this stuff is worth it, you can buy me a beer in return. -Philip Paeps 7-- ---------------------------------------------------------------------------- 8-- 9-- $FreeBSD$ 10-- 11 12BEGEMOT-PF-MIB DEFINITIONS ::= BEGIN 13 14IMPORTS 15 MODULE-IDENTITY, OBJECT-TYPE, Counter64, Integer32, 16 TimeTicks, Unsigned32 17 FROM SNMPv2-SMI 18 TruthValue 19 FROM SNMPv2-TC 20 InetAddress, InetAddressType, InetAddressPrefixLength 21 FROM INET-ADDRESS-MIB 22 begemot 23 FROM BEGEMOT-MIB; 24 25begemotPf MODULE-IDENTITY 26 LAST-UPDATED "201003180000Z" 27 ORGANIZATION "NixSys BVBA" 28 CONTACT-INFO 29 " Philip Paeps 30 31 Postal: NixSys BVBA 32 Louizastraat 14 33 BE-2800 Mechelen 34 Belgium 35 36 E-Mail: philip@FreeBSD.org" 37 DESCRIPTION 38 "The Begemot MIB for the pf packet filter." 39 REVISION "201003180000Z" 40 DESCRIPTION 41 "Modified pfTablesAddrEntry to support IPv6 42 addresses - added pfTablesAddrNetType column 43 and modified type of pfTablesAddrNet to 44 InetAddress." 45 REVISION "200912050000Z" 46 DESCRIPTION 47 "Added support for retrieving counters of labeled 48 pf filter rules via pfLabelspfLabels subtree." 49 REVISION "200501240000Z" 50 DESCRIPTION 51 "Initial revision." 52 53 ::= { begemot 200 } 54 55begemotPfObjects OBJECT IDENTIFIER ::= { begemotPf 1 } 56 57-- -------------------------------------------------------------------------- 58 59pfStatus OBJECT IDENTIFIER ::= { begemotPfObjects 1 } 60pfCounter OBJECT IDENTIFIER ::= { begemotPfObjects 2 } 61pfStateTable OBJECT IDENTIFIER ::= { begemotPfObjects 3 } 62pfSrcNodes OBJECT IDENTIFIER ::= { begemotPfObjects 4 } 63pfLimits OBJECT IDENTIFIER ::= { begemotPfObjects 5 } 64pfTimeouts OBJECT IDENTIFIER ::= { begemotPfObjects 6 } 65pfLogInterface OBJECT IDENTIFIER ::= { begemotPfObjects 7 } 66pfInterfaces OBJECT IDENTIFIER ::= { begemotPfObjects 8 } 67pfTables OBJECT IDENTIFIER ::= { begemotPfObjects 9 } 68pfAltq OBJECT IDENTIFIER ::= { begemotPfObjects 10 } 69pfLabels OBJECT IDENTIFIER ::= { begemotPfObjects 11 } 70 71-- -------------------------------------------------------------------------- 72 73-- 74-- status information 75-- 76 77pfStatusRunning OBJECT-TYPE 78 SYNTAX TruthValue 79 MAX-ACCESS read-only 80 STATUS current 81 DESCRIPTION 82 "True if pf is currently enabled." 83 ::= { pfStatus 1 } 84 85pfStatusRuntime OBJECT-TYPE 86 SYNTAX TimeTicks 87 UNITS "1/100th of a Second" 88 MAX-ACCESS read-only 89 STATUS current 90 DESCRIPTION 91 "Indicates how long pf has been enabled. If pf is not currently 92 enabled, indicates how long it has been disabled. If pf has not 93 been enabled or disabled since the system was started, the value 94 will be 0." 95 ::= { pfStatus 2 } 96 97pfStatusDebug OBJECT-TYPE 98 SYNTAX INTEGER { none(0), urgent(1), misc(2), loud(3) } 99 MAX-ACCESS read-only 100 STATUS current 101 DESCRIPTION 102 "Indicates the debug level at which pf is running." 103 ::= { pfStatus 3 } 104 105pfStatusHostId OBJECT-TYPE 106 SYNTAX OCTET STRING 107 MAX-ACCESS read-only 108 STATUS current 109 DESCRIPTION 110 "The (unique) host identifier of the machine running pf." 111 ::= { pfStatus 4 } 112 113-- -------------------------------------------------------------------------- 114 115-- 116-- counters 117-- 118 119pfCounterMatch OBJECT-TYPE 120 SYNTAX Counter64 121 MAX-ACCESS read-only 122 STATUS current 123 DESCRIPTION 124 "Number of packets that matched a filter rule." 125 ::= { pfCounter 1 } 126 127pfCounterBadOffset OBJECT-TYPE 128 SYNTAX Counter64 129 MAX-ACCESS read-only 130 STATUS current 131 DESCRIPTION 132 "Number of packets with bad offset." 133 ::= { pfCounter 2 } 134 135pfCounterFragment OBJECT-TYPE 136 SYNTAX Counter64 137 MAX-ACCESS read-only 138 STATUS current 139 DESCRIPTION 140 "Number of fragmented packets." 141 ::= { pfCounter 3 } 142 143pfCounterShort OBJECT-TYPE 144 SYNTAX Counter64 145 MAX-ACCESS read-only 146 STATUS current 147 DESCRIPTION 148 "Number of short packets." 149 ::= { pfCounter 4 } 150 151pfCounterNormalize OBJECT-TYPE 152 SYNTAX Counter64 153 MAX-ACCESS read-only 154 STATUS current 155 DESCRIPTION 156 "Number of normalized packets." 157 ::= { pfCounter 5 } 158 159pfCounterMemDrop OBJECT-TYPE 160 SYNTAX Counter64 161 MAX-ACCESS read-only 162 STATUS current 163 DESCRIPTION 164 "Number of packets dropped due to memory limitations." 165 ::= { pfCounter 6 } 166 167-- -------------------------------------------------------------------------- 168 169-- 170-- state table 171-- 172 173pfStateTableCount OBJECT-TYPE 174 SYNTAX Unsigned32 175 MAX-ACCESS read-only 176 STATUS current 177 DESCRIPTION 178 "Number of entries in the state table." 179 ::= { pfStateTable 1 } 180 181pfStateTableSearches OBJECT-TYPE 182 SYNTAX Counter64 183 MAX-ACCESS read-only 184 STATUS current 185 DESCRIPTION 186 "Number of searches against the state table." 187 ::= { pfStateTable 2 } 188 189pfStateTableInserts OBJECT-TYPE 190 SYNTAX Counter64 191 MAX-ACCESS read-only 192 STATUS current 193 DESCRIPTION 194 "Number of entries inserted into the state table." 195 ::= { pfStateTable 3 } 196 197pfStateTableRemovals OBJECT-TYPE 198 SYNTAX Counter64 199 MAX-ACCESS read-only 200 STATUS current 201 DESCRIPTION 202 "Number of entries removed from the state table." 203 ::= { pfStateTable 4 } 204 205-- -------------------------------------------------------------------------- 206 207-- 208-- source nodes 209-- 210 211pfSrcNodesCount OBJECT-TYPE 212 SYNTAX Unsigned32 213 MAX-ACCESS read-only 214 STATUS current 215 DESCRIPTION 216 "Number of entries in the source tracking table." 217 ::= { pfSrcNodes 1 } 218 219pfSrcNodesSearches OBJECT-TYPE 220 SYNTAX Counter64 221 MAX-ACCESS read-only 222 STATUS current 223 DESCRIPTION 224 "Number of searches against the source tracking table." 225 ::= { pfSrcNodes 2 } 226 227pfSrcNodesInserts OBJECT-TYPE 228 SYNTAX Counter64 229 MAX-ACCESS read-only 230 STATUS current 231 DESCRIPTION 232 "Number of entries inserted into the source tracking table." 233 ::= { pfSrcNodes 3 } 234 235pfSrcNodesRemovals OBJECT-TYPE 236 SYNTAX Counter64 237 MAX-ACCESS read-only 238 STATUS current 239 DESCRIPTION 240 "Number of entries removed from the source tracking table." 241 ::= { pfSrcNodes 4 } 242 243-- -------------------------------------------------------------------------- 244 245-- 246-- limits 247-- 248 249pfLimitsStates OBJECT-TYPE 250 SYNTAX Unsigned32 251 MAX-ACCESS read-only 252 STATUS current 253 DESCRIPTION 254 "Maximum number of 'keep state' rules in the ruleset." 255 ::= { pfLimits 1 } 256 257pfLimitsSrcNodes OBJECT-TYPE 258 SYNTAX Unsigned32 259 MAX-ACCESS read-only 260 STATUS current 261 DESCRIPTION 262 "Maximum number of 'sticky-address' or 'source-track' rules 263 in the ruleset." 264 ::= { pfLimits 2 } 265 266pfLimitsFrags OBJECT-TYPE 267 SYNTAX Unsigned32 268 MAX-ACCESS read-only 269 STATUS current 270 DESCRIPTION 271 "Maximum number of 'scrub' rules in the ruleset." 272 ::= { pfLimits 3 } 273 274-- -------------------------------------------------------------------------- 275 276-- 277-- timeouts 278-- 279 280pfTimeoutsTcpFirst OBJECT-TYPE 281 SYNTAX Integer32 282 MAX-ACCESS read-only 283 STATUS current 284 DESCRIPTION 285 "State after the first packet in a connection." 286 ::= { pfTimeouts 1 } 287 288pfTimeoutsTcpOpening OBJECT-TYPE 289 SYNTAX Integer32 290 MAX-ACCESS read-only 291 STATUS current 292 DESCRIPTION 293 "State before the destination host ever sends a packet." 294 ::= { pfTimeouts 2 } 295 296pfTimeoutsTcpEstablished OBJECT-TYPE 297 SYNTAX Integer32 298 MAX-ACCESS read-only 299 STATUS current 300 DESCRIPTION 301 "The fully established state." 302 ::= { pfTimeouts 3 } 303 304pfTimeoutsTcpClosing OBJECT-TYPE 305 SYNTAX Integer32 306 MAX-ACCESS read-only 307 STATUS current 308 DESCRIPTION 309 "State after the first FIN has been sent." 310 ::= { pfTimeouts 4 } 311 312pfTimeoutsTcpFinWait OBJECT-TYPE 313 SYNTAX Integer32 314 MAX-ACCESS read-only 315 STATUS current 316 DESCRIPTION 317 "State after both FINs have been exchanged and the 318 connection is closed." 319 ::= { pfTimeouts 5 } 320 321pfTimeoutsTcpClosed OBJECT-TYPE 322 SYNTAX Integer32 323 MAX-ACCESS read-only 324 STATUS current 325 DESCRIPTION 326 "State after one endpoint sends an RST." 327 ::= { pfTimeouts 6 } 328 329pfTimeoutsUdpFirst OBJECT-TYPE 330 SYNTAX Integer32 331 MAX-ACCESS read-only 332 STATUS current 333 DESCRIPTION 334 "State after the first packet." 335 ::= { pfTimeouts 7 } 336 337pfTimeoutsUdpSingle OBJECT-TYPE 338 SYNTAX Integer32 339 MAX-ACCESS read-only 340 STATUS current 341 DESCRIPTION 342 "State if the source host sends more than one packet but 343 the destination host has never sent one back." 344 ::= { pfTimeouts 8 } 345 346pfTimeoutsUdpMultiple OBJECT-TYPE 347 SYNTAX Integer32 348 MAX-ACCESS read-only 349 STATUS current 350 DESCRIPTION 351 "State if both hosts have sent packets." 352 ::= { pfTimeouts 9 } 353 354pfTimeoutsIcmpFirst OBJECT-TYPE 355 SYNTAX Integer32 356 MAX-ACCESS read-only 357 STATUS current 358 DESCRIPTION 359 "State after the first packet." 360 ::= { pfTimeouts 10 } 361 362pfTimeoutsIcmpError OBJECT-TYPE 363 SYNTAX Integer32 364 MAX-ACCESS read-only 365 STATUS current 366 DESCRIPTION 367 "State after an ICMP error came back in response to an 368 ICMP packet." 369 ::= { pfTimeouts 11 } 370 371pfTimeoutsOtherFirst OBJECT-TYPE 372 SYNTAX Integer32 373 MAX-ACCESS read-only 374 STATUS current 375 DESCRIPTION 376 "State after the first packet." 377 ::= { pfTimeouts 12 } 378 379pfTimeoutsOtherSingle OBJECT-TYPE 380 SYNTAX Integer32 381 MAX-ACCESS read-only 382 STATUS current 383 DESCRIPTION 384 "State if the source host sends more than one packet but 385 the destination host has never sent one back." 386 ::= { pfTimeouts 13 } 387 388pfTimeoutsOtherMultiple OBJECT-TYPE 389 SYNTAX Integer32 390 MAX-ACCESS read-only 391 STATUS current 392 DESCRIPTION 393 "State if both hosts have sent packets." 394 ::= { pfTimeouts 14 } 395 396pfTimeoutsFragment OBJECT-TYPE 397 SYNTAX Integer32 398 MAX-ACCESS read-only 399 STATUS current 400 DESCRIPTION 401 "Seconds before an unassembled fragment is expired." 402 ::= { pfTimeouts 15 } 403 404pfTimeoutsInterval OBJECT-TYPE 405 SYNTAX Integer32 406 MAX-ACCESS read-only 407 STATUS current 408 DESCRIPTION 409 "Interval between purging expired states and fragments." 410 ::= { pfTimeouts 16 } 411 412pfTimeoutsAdaptiveStart OBJECT-TYPE 413 SYNTAX Integer32 414 MAX-ACCESS read-only 415 STATUS current 416 DESCRIPTION 417 "When the number of state entries exceeds this value, 418 adaptive scaling begins." 419 ::= { pfTimeouts 17 } 420 421pfTimeoutsAdaptiveEnd OBJECT-TYPE 422 SYNTAX Integer32 423 MAX-ACCESS read-only 424 STATUS current 425 DESCRIPTION 426 "When reaching this number of state entries, all timeout 427 values become zero, effectively purging all state entries 428 immediately." 429 ::= { pfTimeouts 18 } 430 431pfTimeoutsSrcNode OBJECT-TYPE 432 SYNTAX Integer32 433 MAX-ACCESS read-only 434 STATUS current 435 DESCRIPTION 436 "Length of time to retain a source tracking entry after 437 the last state expires." 438 ::= { pfTimeouts 19 } 439 440-- -------------------------------------------------------------------------- 441 442-- 443-- log interface 444-- 445 446pfLogInterfaceName OBJECT-TYPE 447 SYNTAX OCTET STRING 448 MAX-ACCESS read-only 449 STATUS current 450 DESCRIPTION 451 "The name of the interface configured with 'set loginterface'. 452 If no interface has been configured, the object will be empty." 453 ::= { pfLogInterface 1 } 454 455pfLogInterfaceIp4BytesIn OBJECT-TYPE 456 SYNTAX Counter64 457 MAX-ACCESS read-only 458 STATUS current 459 DESCRIPTION 460 "Number of IPv4 bytes passed in on the loginterface." 461 ::= { pfLogInterface 2 } 462 463pfLogInterfaceIp4BytesOut OBJECT-TYPE 464 SYNTAX Counter64 465 MAX-ACCESS read-only 466 STATUS current 467 DESCRIPTION 468 "Number of IPv4 bytes passed out on the loginterface." 469 ::= { pfLogInterface 3 } 470 471pfLogInterfaceIp4PktsInPass OBJECT-TYPE 472 SYNTAX Counter64 473 MAX-ACCESS read-only 474 STATUS current 475 DESCRIPTION 476 "Number of IPv4 packets passed in on the loginterface." 477 ::= { pfLogInterface 4 } 478 479pfLogInterfaceIp4PktsInDrop OBJECT-TYPE 480 SYNTAX Counter64 481 MAX-ACCESS read-only 482 STATUS current 483 DESCRIPTION 484 "Number of IPv4 packets dropped coming in on the loginterface." 485 ::= { pfLogInterface 5 } 486 487pfLogInterfaceIp4PktsOutPass OBJECT-TYPE 488 SYNTAX Counter64 489 MAX-ACCESS read-only 490 STATUS current 491 DESCRIPTION 492 "Number of IPv4 packets passed out on the loginterface." 493 ::= { pfLogInterface 6 } 494 495pfLogInterfaceIp4PktsOutDrop OBJECT-TYPE 496 SYNTAX Counter64 497 MAX-ACCESS read-only 498 STATUS current 499 DESCRIPTION 500 "Number of IPv4 packets dropped going out on the loginterface." 501 ::= { pfLogInterface 7 } 502 503pfLogInterfaceIp6BytesIn OBJECT-TYPE 504 SYNTAX Counter64 505 MAX-ACCESS read-only 506 STATUS current 507 DESCRIPTION 508 "Number of IPv6 bytes passed in on the loginterface." 509 ::= { pfLogInterface 8 } 510 511pfLogInterfaceIp6BytesOut OBJECT-TYPE 512 SYNTAX Counter64 513 MAX-ACCESS read-only 514 STATUS current 515 DESCRIPTION 516 "Number of IPv6 bytes passed out on the loginterface." 517 ::= { pfLogInterface 9 } 518 519pfLogInterfaceIp6PktsInPass OBJECT-TYPE 520 SYNTAX Counter64 521 MAX-ACCESS read-only 522 STATUS current 523 DESCRIPTION 524 "Number of IPv6 packets passed in on the loginterface." 525 ::= { pfLogInterface 10 } 526 527pfLogInterfaceIp6PktsInDrop OBJECT-TYPE 528 SYNTAX Counter64 529 MAX-ACCESS read-only 530 STATUS current 531 DESCRIPTION 532 "Number of IPv6 packets dropped coming in on the loginterface." 533 ::= { pfLogInterface 11 } 534 535pfLogInterfaceIp6PktsOutPass OBJECT-TYPE 536 SYNTAX Counter64 537 MAX-ACCESS read-only 538 STATUS current 539 DESCRIPTION 540 "Number of IPv6 packets passed out on the loginterface." 541 ::= { pfLogInterface 12 } 542 543pfLogInterfaceIp6PktsOutDrop OBJECT-TYPE 544 SYNTAX Counter64 545 MAX-ACCESS read-only 546 STATUS current 547 DESCRIPTION 548 "Number of IPv6 packets dropped going out on the loginterface." 549 ::= { pfLogInterface 13 } 550 551-- -------------------------------------------------------------------------- 552 553-- 554-- interfaces 555-- 556 557pfInterfacesIfNumber OBJECT-TYPE 558 SYNTAX Integer32 559 MAX-ACCESS read-only 560 STATUS current 561 DESCRIPTION 562 "The number of network interfaces on this system." 563 ::= { pfInterfaces 1 } 564 565pfInterfacesIfTable OBJECT-TYPE 566 SYNTAX SEQUENCE OF PfInterfacesIfEntry 567 MAX-ACCESS not-accessible 568 STATUS current 569 DESCRIPTION 570 "Table of network interfaces, indexed on pfInterfacesIfNumber." 571 ::= { pfInterfaces 2 } 572 573pfInterfacesIfEntry OBJECT-TYPE 574 SYNTAX PfInterfacesIfEntry 575 MAX-ACCESS not-accessible 576 STATUS current 577 DESCRIPTION 578 "An entry in the pfInterfacesIfTable containing information 579 about a particular network interface in the machine." 580 INDEX { pfInterfacesIfIndex } 581 ::= { pfInterfacesIfTable 1 } 582 583PfInterfacesIfEntry ::= SEQUENCE { 584 pfInterfacesIfIndex Integer32, 585 pfInterfacesIfDescr OCTET STRING, 586 pfInterfacesIfType INTEGER, 587 pfInterfacesIfTZero TimeTicks, 588 pfInterfacesIfRefsState Unsigned32, 589 pfInterfacesIfRefsRule Unsigned32, 590 pfInterfacesIf4BytesInPass Counter64, 591 pfInterfacesIf4BytesInBlock Counter64, 592 pfInterfacesIf4BytesOutPass Counter64, 593 pfInterfacesIf4BytesOutBlock Counter64, 594 pfInterfacesIf4PktsInPass Counter64, 595 pfInterfacesIf4PktsInBlock Counter64, 596 pfInterfacesIf4PktsOutPass Counter64, 597 pfInterfacesIf4PktsOutBlock Counter64, 598 pfInterfacesIf6BytesInPass Counter64, 599 pfInterfacesIf6BytesInBlock Counter64, 600 pfInterfacesIf6BytesOutPass Counter64, 601 pfInterfacesIf6BytesOutBlock Counter64, 602 pfInterfacesIf6PktsInPass Counter64, 603 pfInterfacesIf6PktsInBlock Counter64, 604 pfInterfacesIf6PktsOutPass Counter64, 605 pfInterfacesIf6PktsOutBlock Counter64 606} 607 608pfInterfacesIfIndex OBJECT-TYPE 609 SYNTAX Integer32 (1..2147483647) 610 MAX-ACCESS not-accessible 611 STATUS current 612 DESCRIPTION 613 "A unique value, greater than zero, for each interface." 614 ::= { pfInterfacesIfEntry 1 } 615 616pfInterfacesIfDescr OBJECT-TYPE 617 SYNTAX OCTET STRING 618 MAX-ACCESS read-only 619 STATUS current 620 DESCRIPTION 621 "The name of the interface." 622 ::= { pfInterfacesIfEntry 2 } 623 624pfInterfacesIfType OBJECT-TYPE 625 SYNTAX INTEGER { group(0), instance(1), detached(2) } 626 MAX-ACCESS read-only 627 STATUS current 628 DESCRIPTION 629 "Indicates whether the interface is a group inteface, an 630 interface instance, or whether it has been removed or 631 destroyed." 632 ::= { pfInterfacesIfEntry 3 } 633 634pfInterfacesIfTZero OBJECT-TYPE 635 SYNTAX TimeTicks 636 UNITS "1/100th of a Second" 637 MAX-ACCESS read-only 638 STATUS current 639 DESCRIPTION 640 "Time since statistics were last reset or since the 641 interface was loaded." 642 ::= { pfInterfacesIfEntry 4 } 643 644pfInterfacesIfRefsState OBJECT-TYPE 645 SYNTAX Unsigned32 646 MAX-ACCESS read-only 647 STATUS current 648 DESCRIPTION 649 "The number of state and/or source track entries referencing 650 this interface." 651 ::= { pfInterfacesIfEntry 5 } 652 653pfInterfacesIfRefsRule OBJECT-TYPE 654 SYNTAX Unsigned32 655 MAX-ACCESS read-only 656 STATUS current 657 DESCRIPTION 658 "The number of rules referencing this interface." 659 ::= { pfInterfacesIfEntry 6 } 660 661pfInterfacesIf4BytesInPass OBJECT-TYPE 662 SYNTAX Counter64 663 MAX-ACCESS read-only 664 STATUS current 665 DESCRIPTION 666 "The number of IPv4 bytes passed coming in on this interface." 667 ::= { pfInterfacesIfEntry 7 } 668 669pfInterfacesIf4BytesInBlock OBJECT-TYPE 670 SYNTAX Counter64 671 MAX-ACCESS read-only 672 STATUS current 673 DESCRIPTION 674 "The number of IPv4 bytes blocked coming in on this interface." 675 ::= { pfInterfacesIfEntry 8 } 676 677pfInterfacesIf4BytesOutPass OBJECT-TYPE 678 SYNTAX Counter64 679 MAX-ACCESS read-only 680 STATUS current 681 DESCRIPTION 682 "The number of IPv4 bytes passed going out on this interface." 683 ::= { pfInterfacesIfEntry 9 } 684 685pfInterfacesIf4BytesOutBlock OBJECT-TYPE 686 SYNTAX Counter64 687 MAX-ACCESS read-only 688 STATUS current 689 DESCRIPTION 690 "The number of IPv4 bytes blocked going out on this interface." 691 ::= { pfInterfacesIfEntry 10 } 692 693pfInterfacesIf4PktsInPass OBJECT-TYPE 694 SYNTAX Counter64 695 MAX-ACCESS read-only 696 STATUS current 697 DESCRIPTION 698 "The number of IPv4 packets passed coming in on this interface." 699 ::= { pfInterfacesIfEntry 11 } 700 701pfInterfacesIf4PktsInBlock OBJECT-TYPE 702 SYNTAX Counter64 703 MAX-ACCESS read-only 704 STATUS current 705 DESCRIPTION 706 "The number of IPv4 packets blocked coming in on this interface." 707 ::= { pfInterfacesIfEntry 12 } 708 709pfInterfacesIf4PktsOutPass OBJECT-TYPE 710 SYNTAX Counter64 711 MAX-ACCESS read-only 712 STATUS current 713 DESCRIPTION 714 "The number of IPv4 packets passed going out on this interface." 715 ::= { pfInterfacesIfEntry 13 } 716 717pfInterfacesIf4PktsOutBlock OBJECT-TYPE 718 SYNTAX Counter64 719 MAX-ACCESS read-only 720 STATUS current 721 DESCRIPTION 722 "The number of IPv4 packets blocked going out on this interface." 723 ::= { pfInterfacesIfEntry 14 } 724 725pfInterfacesIf6BytesInPass OBJECT-TYPE 726 SYNTAX Counter64 727 MAX-ACCESS read-only 728 STATUS current 729 DESCRIPTION 730 "The number of IPv6 bytes passed coming in on this interface." 731 ::= { pfInterfacesIfEntry 15 } 732 733pfInterfacesIf6BytesInBlock OBJECT-TYPE 734 SYNTAX Counter64 735 MAX-ACCESS read-only 736 STATUS current 737 DESCRIPTION 738 "The number of IPv6 bytes blocked coming in on this interface." 739 ::= { pfInterfacesIfEntry 16 } 740 741pfInterfacesIf6BytesOutPass OBJECT-TYPE 742 SYNTAX Counter64 743 MAX-ACCESS read-only 744 STATUS current 745 DESCRIPTION 746 "The number of IPv6 bytes passed going out on this interface." 747 ::= { pfInterfacesIfEntry 17 } 748 749pfInterfacesIf6BytesOutBlock OBJECT-TYPE 750 SYNTAX Counter64 751 MAX-ACCESS read-only 752 STATUS current 753 DESCRIPTION 754 "The number of IPv6 bytes blocked going out on this interface." 755 ::= { pfInterfacesIfEntry 18 } 756 757 758pfInterfacesIf6PktsInPass OBJECT-TYPE 759 SYNTAX Counter64 760 MAX-ACCESS read-only 761 STATUS current 762 DESCRIPTION 763 "The number of IPv6 packets passed coming in on this interface." 764 ::= { pfInterfacesIfEntry 19 } 765 766pfInterfacesIf6PktsInBlock OBJECT-TYPE 767 SYNTAX Counter64 768 MAX-ACCESS read-only 769 STATUS current 770 DESCRIPTION 771 "The number of IPv6 packets blocked coming in on this interface." 772 ::= { pfInterfacesIfEntry 20 } 773 774pfInterfacesIf6PktsOutPass OBJECT-TYPE 775 SYNTAX Counter64 776 MAX-ACCESS read-only 777 STATUS current 778 DESCRIPTION 779 "The number of IPv6 packets passed going out on this interface." 780 ::= { pfInterfacesIfEntry 21 } 781 782pfInterfacesIf6PktsOutBlock OBJECT-TYPE 783 SYNTAX Counter64 784 MAX-ACCESS read-only 785 STATUS current 786 DESCRIPTION 787 "The number of IPv6 packets blocked going out on this interface." 788 ::= { pfInterfacesIfEntry 22 } 789 790-- -------------------------------------------------------------------------- 791 792-- 793-- tables 794-- 795 796pfTablesTblNumber OBJECT-TYPE 797 SYNTAX Integer32 798 MAX-ACCESS read-only 799 STATUS current 800 DESCRIPTION 801 "The number of tables on this system." 802 ::= { pfTables 1 } 803 804pfTablesTblTable OBJECT-TYPE 805 SYNTAX SEQUENCE OF PfTablesTblEntry 806 MAX-ACCESS not-accessible 807 STATUS current 808 DESCRIPTION 809 "Table of tables, index on pfTablesTblIndex." 810 ::= { pfTables 2 } 811 812pfTablesTblEntry OBJECT-TYPE 813 SYNTAX PfTablesTblEntry 814 MAX-ACCESS not-accessible 815 STATUS current 816 DESCRIPTION 817 "Any entry in the pfTablesTblTable containing information 818 about a particular table on the system." 819 INDEX { pfTablesTblIndex } 820 ::= { pfTablesTblTable 1 } 821 822PfTablesTblEntry ::= SEQUENCE { 823 pfTablesTblIndex Integer32, 824 pfTablesTblDescr OCTET STRING, 825 pfTablesTblCount Integer32, 826 pfTablesTblTZero TimeTicks, 827 pfTablesTblRefsAnchor Integer32, 828 pfTablesTblRefsRule Integer32, 829 pfTablesTblEvalMatch Counter64, 830 pfTablesTblEvalNoMatch Counter64, 831 pfTablesTblBytesInPass Counter64, 832 pfTablesTblBytesInBlock Counter64, 833 pfTablesTblBytesInXPass Counter64, 834 pfTablesTblBytesOutPass Counter64, 835 pfTablesTblBytesOutBlock Counter64, 836 pfTablesTblBytesOutXPass Counter64, 837 pfTablesTblPktsInPass Counter64, 838 pfTablesTblPktsInBlock Counter64, 839 pfTablesTblPktsInXPass Counter64, 840 pfTablesTblPktsOutPass Counter64, 841 pfTablesTblPktsOutBlock Counter64, 842 pfTablesTblPktsOutXPass Counter64 843} 844 845pfTablesTblIndex OBJECT-TYPE 846 SYNTAX Integer32 (1..2147483647) 847 MAX-ACCESS not-accessible 848 STATUS current 849 DESCRIPTION 850 "A unique value, greater than zero, for each table." 851 ::= { pfTablesTblEntry 1 } 852 853pfTablesTblDescr OBJECT-TYPE 854 SYNTAX OCTET STRING 855 MAX-ACCESS read-only 856 STATUS current 857 DESCRIPTION 858 "The name of the table." 859 ::= { pfTablesTblEntry 2 } 860 861pfTablesTblCount OBJECT-TYPE 862 SYNTAX Integer32 863 MAX-ACCESS read-only 864 STATUS current 865 DESCRIPTION 866 "The number of addresses in the table." 867 ::= { pfTablesTblEntry 3 } 868 869pfTablesTblTZero OBJECT-TYPE 870 SYNTAX TimeTicks 871 UNITS "1/100th of a Second" 872 MAX-ACCESS read-only 873 STATUS current 874 DESCRIPTION 875 "The time passed since the statistics of this table were last 876 cleared or the time since this table was loaded, whichever is 877 sooner." 878 ::= { pfTablesTblEntry 4 } 879 880pfTablesTblRefsAnchor OBJECT-TYPE 881 SYNTAX Integer32 882 MAX-ACCESS read-only 883 STATUS current 884 DESCRIPTION 885 "The number of anchors referencing this table." 886 ::= { pfTablesTblEntry 5 } 887 888pfTablesTblRefsRule OBJECT-TYPE 889 SYNTAX Integer32 890 MAX-ACCESS read-only 891 STATUS current 892 DESCRIPTION 893 "The number of rules referencing this table." 894 ::= { pfTablesTblEntry 6 } 895 896pfTablesTblEvalMatch OBJECT-TYPE 897 SYNTAX Counter64 898 MAX-ACCESS read-only 899 STATUS current 900 DESCRIPTION 901 "The number of evaluations returning a match." 902 ::= { pfTablesTblEntry 7 } 903 904pfTablesTblEvalNoMatch OBJECT-TYPE 905 SYNTAX Counter64 906 MAX-ACCESS read-only 907 STATUS current 908 DESCRIPTION 909 "The number of evaluations not returning a match." 910 ::= { pfTablesTblEntry 8 } 911 912pfTablesTblBytesInPass OBJECT-TYPE 913 SYNTAX Counter64 914 MAX-ACCESS read-only 915 STATUS current 916 DESCRIPTION 917 "The number of bytes passed in matching the table." 918 ::= { pfTablesTblEntry 9 } 919 920pfTablesTblBytesInBlock OBJECT-TYPE 921 SYNTAX Counter64 922 MAX-ACCESS read-only 923 STATUS current 924 DESCRIPTION 925 "The number of bytes blocked coming in matching the table." 926 ::= { pfTablesTblEntry 10 } 927 928pfTablesTblBytesInXPass OBJECT-TYPE 929 SYNTAX Counter64 930 MAX-ACCESS read-only 931 STATUS current 932 DESCRIPTION 933 "The number of bytes statefully passed in where the state 934 entry refers to the table, but the table no longer contains 935 the address in question." 936 ::= { pfTablesTblEntry 11 } 937 938pfTablesTblBytesOutPass OBJECT-TYPE 939 SYNTAX Counter64 940 MAX-ACCESS read-only 941 STATUS current 942 DESCRIPTION 943 "The number of bytes passed out matching the table." 944 ::= { pfTablesTblEntry 12 } 945 946pfTablesTblBytesOutBlock OBJECT-TYPE 947 SYNTAX Counter64 948 MAX-ACCESS read-only 949 STATUS current 950 DESCRIPTION 951 "The number of bytes blocked going out matching the table." 952 ::= { pfTablesTblEntry 13 } 953 954pfTablesTblBytesOutXPass OBJECT-TYPE 955 SYNTAX Counter64 956 MAX-ACCESS read-only 957 STATUS current 958 DESCRIPTION 959 "The number of bytes statefully passed out where the state 960 entry refers to the table, but the table no longer contains 961 the address in question." 962 ::= { pfTablesTblEntry 14 } 963 964pfTablesTblPktsInPass OBJECT-TYPE 965 SYNTAX Counter64 966 MAX-ACCESS read-only 967 STATUS current 968 DESCRIPTION 969 "The number of packets passed in matching the table." 970 ::= { pfTablesTblEntry 15 } 971 972pfTablesTblPktsInBlock OBJECT-TYPE 973 SYNTAX Counter64 974 MAX-ACCESS read-only 975 STATUS current 976 DESCRIPTION 977 "The number of packets blocked coming in matching the table." 978 ::= { pfTablesTblEntry 16 } 979 980pfTablesTblPktsInXPass OBJECT-TYPE 981 SYNTAX Counter64 982 MAX-ACCESS read-only 983 STATUS current 984 DESCRIPTION 985 "The number of packets statefully passed in where the state 986 entry refers to the table, but the table no longer contains 987 the address in question." 988 ::= { pfTablesTblEntry 17 } 989 990pfTablesTblPktsOutPass OBJECT-TYPE 991 SYNTAX Counter64 992 MAX-ACCESS read-only 993 STATUS current 994 DESCRIPTION 995 "The number of packets passed out matching the table." 996 ::= { pfTablesTblEntry 18 } 997 998pfTablesTblPktsOutBlock OBJECT-TYPE 999 SYNTAX Counter64 1000 MAX-ACCESS read-only 1001 STATUS current 1002 DESCRIPTION 1003 "The number of packets blocked going out matching the table." 1004 ::= { pfTablesTblEntry 19 } 1005 1006pfTablesTblPktsOutXPass OBJECT-TYPE 1007 SYNTAX Counter64 1008 MAX-ACCESS read-only 1009 STATUS current 1010 DESCRIPTION 1011 "The number of packets statefully passed out where the state 1012 entry refers to the table, but the table no longer contains 1013 the address in question." 1014 ::= { pfTablesTblEntry 20 } 1015 1016pfTablesAddrTable OBJECT-TYPE 1017 SYNTAX SEQUENCE OF PfTablesAddrEntry 1018 MAX-ACCESS not-accessible 1019 STATUS current 1020 DESCRIPTION 1021 "Table of addresses from every table on the system." 1022 ::= { pfTables 3 } 1023 1024pfTablesAddrEntry OBJECT-TYPE 1025 SYNTAX PfTablesAddrEntry 1026 MAX-ACCESS not-accessible 1027 STATUS current 1028 DESCRIPTION 1029 "An entry in the pfTablesAddrTable containing information 1030 about a particular entry in a table." 1031 INDEX { pfTablesAddrIndex } 1032 ::= { pfTablesAddrTable 1 } 1033 1034PfTablesAddrEntry ::= SEQUENCE { 1035 pfTablesAddrIndex Integer32, 1036 pfTablesAddrNetType InetAddressType, 1037 pfTablesAddrNet InetAddress, 1038 pfTablesAddrPrefix InetAddressPrefixLength, 1039 pfTablesAddrTZero TimeTicks, 1040 pfTablesAddrBytesInPass Counter64, 1041 pfTablesAddrBytesInBlock Counter64, 1042 pfTablesAddrBytesOutPass Counter64, 1043 pfTablesAddrBytesOutBlock Counter64, 1044 pfTablesAddrPktsInPass Counter64, 1045 pfTablesAddrPktsInBlock Counter64, 1046 pfTablesAddrPktsOutPass Counter64, 1047 pfTablesAddrPktsOutBlock Counter64 1048} 1049 1050pfTablesAddrIndex OBJECT-TYPE 1051 SYNTAX Integer32 (1..2147483647) 1052 MAX-ACCESS not-accessible 1053 STATUS current 1054 DESCRIPTION 1055 "A unique value, greater than zero, for each address." 1056 ::= { pfTablesAddrEntry 1 } 1057 1058pfTablesAddrNetType OBJECT-TYPE 1059 SYNTAX InetAddressType 1060 MAX-ACCESS read-only 1061 STATUS current 1062 DESCRIPTION 1063 "The type of address in the corresponding pfTablesAddrNet object." 1064 ::= { pfTablesAddrEntry 2 } 1065 1066pfTablesAddrNet OBJECT-TYPE 1067 SYNTAX InetAddress 1068 MAX-ACCESS read-only 1069 STATUS current 1070 DESCRIPTION 1071 "The IP address of this particular table entry." 1072 ::= { pfTablesAddrEntry 3 } 1073 1074pfTablesAddrPrefix OBJECT-TYPE 1075 SYNTAX InetAddressPrefixLength 1076 MAX-ACCESS read-only 1077 STATUS current 1078 DESCRIPTION 1079 "The CIDR netmask of this particular table entry." 1080 ::= { pfTablesAddrEntry 4 } 1081 1082pfTablesAddrTZero OBJECT-TYPE 1083 SYNTAX TimeTicks 1084 UNITS "1/100th of a Second" 1085 MAX-ACCESS read-only 1086 STATUS current 1087 DESCRIPTION 1088 "The time passed since this entry's statistics were last 1089 cleared, or the time passed since this entry was loaded 1090 into the table, whichever is sooner." 1091 ::= { pfTablesAddrEntry 5 } 1092 1093pfTablesAddrBytesInPass OBJECT-TYPE 1094 SYNTAX Counter64 1095 MAX-ACCESS read-only 1096 STATUS current 1097 DESCRIPTION 1098 "The number of inbound bytes passed as a result of this entry." 1099 ::= { pfTablesAddrEntry 6 } 1100 1101pfTablesAddrBytesInBlock OBJECT-TYPE 1102 SYNTAX Counter64 1103 MAX-ACCESS read-only 1104 STATUS current 1105 DESCRIPTION 1106 "The number of inbound bytes blocked as a result of this entry." 1107 ::= { pfTablesAddrEntry 7 } 1108 1109pfTablesAddrBytesOutPass OBJECT-TYPE 1110 SYNTAX Counter64 1111 MAX-ACCESS read-only 1112 STATUS current 1113 DESCRIPTION 1114 "The number of outbound bytes passed as a result of this entry." 1115 ::= { pfTablesAddrEntry 8 } 1116 1117pfTablesAddrBytesOutBlock OBJECT-TYPE 1118 SYNTAX Counter64 1119 MAX-ACCESS read-only 1120 STATUS current 1121 DESCRIPTION 1122 "The number of outbound bytes blocked as a result of this entry." 1123 ::= { pfTablesAddrEntry 9 } 1124 1125pfTablesAddrPktsInPass OBJECT-TYPE 1126 SYNTAX Counter64 1127 MAX-ACCESS read-only 1128 STATUS current 1129 DESCRIPTION 1130 "The number of inbound packets passed as a result of this entry." 1131 ::= { pfTablesAddrEntry 10 } 1132 1133pfTablesAddrPktsInBlock OBJECT-TYPE 1134 SYNTAX Counter64 1135 MAX-ACCESS read-only 1136 STATUS current 1137 DESCRIPTION 1138 "The number of inbound packets blocked as a result of this entry." 1139 ::= { pfTablesAddrEntry 11 } 1140 1141pfTablesAddrPktsOutPass OBJECT-TYPE 1142 SYNTAX Counter64 1143 MAX-ACCESS read-only 1144 STATUS current 1145 DESCRIPTION 1146 "The number of outbound packets passed as a result of this entry." 1147 ::= { pfTablesAddrEntry 12 } 1148 1149pfTablesAddrPktsOutBlock OBJECT-TYPE 1150 SYNTAX Counter64 1151 MAX-ACCESS read-only 1152 STATUS current 1153 DESCRIPTION 1154 "The number of outbound packets blocked as a result of this 1155 entry." 1156 ::= { pfTablesAddrEntry 13 } 1157 1158-- -------------------------------------------------------------------------- 1159 1160-- 1161-- Altq information 1162-- 1163 1164pfAltqQueueNumber OBJECT-TYPE 1165 SYNTAX Unsigned32 1166 MAX-ACCESS read-only 1167 STATUS current 1168 DESCRIPTION 1169 "The number of queues in the active set." 1170 ::= { pfAltq 1 } 1171 1172pfAltqQueueTable OBJECT-TYPE 1173 SYNTAX SEQUENCE OF PfAltqQueueEntry 1174 MAX-ACCESS not-accessible 1175 STATUS current 1176 DESCRIPTION 1177 "Table containing the rules that are active on this system." 1178 ::= { pfAltq 2 } 1179 1180pfAltqQueueEntry OBJECT-TYPE 1181 SYNTAX PfAltqQueueEntry 1182 MAX-ACCESS not-accessible 1183 STATUS current 1184 DESCRIPTION 1185 "An entry in the pfAltqQueueTable table." 1186 INDEX { pfAltqQueueIndex } 1187 ::= { pfAltqQueueTable 1 } 1188 1189PfAltqQueueEntry ::= SEQUENCE { 1190 pfAltqQueueIndex Integer32, 1191 pfAltqQueueDescr OCTET STRING, 1192 pfAltqQueueParent OCTET STRING, 1193 pfAltqQueueScheduler INTEGER, 1194 pfAltqQueueBandwidth Unsigned32, 1195 pfAltqQueuePriority Integer32, 1196 pfAltqQueueLimit Integer32 1197} 1198 1199pfAltqQueueIndex OBJECT-TYPE 1200 SYNTAX Integer32 (1..2147483647) 1201 MAX-ACCESS not-accessible 1202 STATUS current 1203 DESCRIPTION 1204 "A unique value, greater than zero, for each queue." 1205 ::= { pfAltqQueueEntry 1 } 1206 1207pfAltqQueueDescr OBJECT-TYPE 1208 SYNTAX OCTET STRING 1209 MAX-ACCESS read-only 1210 STATUS current 1211 DESCRIPTION 1212 "The name of the queue." 1213 ::= { pfAltqQueueEntry 2 } 1214 1215pfAltqQueueParent OBJECT-TYPE 1216 SYNTAX OCTET STRING 1217 MAX-ACCESS read-only 1218 STATUS current 1219 DESCRIPTION 1220 "Name of the queue's parent if it has one." 1221 ::= { pfAltqQueueEntry 3 } 1222 1223pfAltqQueueScheduler OBJECT-TYPE 1224 SYNTAX INTEGER { cbq(1), hfsc(8), priq(11) } 1225 MAX-ACCESS read-only 1226 STATUS current 1227 DESCRIPTION 1228 "Scheduler algorithm implemented by this queue." 1229 ::= { pfAltqQueueEntry 4 } 1230 1231pfAltqQueueBandwidth OBJECT-TYPE 1232 SYNTAX Unsigned32 1233 MAX-ACCESS read-only 1234 STATUS current 1235 DESCRIPTION 1236 "Bandwitch assigned to this queue." 1237 ::= { pfAltqQueueEntry 5 } 1238 1239pfAltqQueuePriority OBJECT-TYPE 1240 SYNTAX Integer32 1241 MAX-ACCESS read-only 1242 STATUS current 1243 DESCRIPTION 1244 "Priority level of the queue." 1245 ::= { pfAltqQueueEntry 6 } 1246 1247pfAltqQueueLimit OBJECT-TYPE 1248 SYNTAX Integer32 1249 MAX-ACCESS read-only 1250 STATUS current 1251 DESCRIPTION 1252 "Maximum number of packets in the queue." 1253 ::= { pfAltqQueueEntry 7 } 1254 1255pfLabelsLblNumber OBJECT-TYPE 1256 SYNTAX Integer32 1257 MAX-ACCESS read-only 1258 STATUS current 1259 DESCRIPTION 1260 "The number of labeled filter rules on this system." 1261 ::= { pfLabels 1 } 1262 1263pfLabelsLblTable OBJECT-TYPE 1264 SYNTAX SEQUENCE OF PfLabelsLblEntry 1265 MAX-ACCESS not-accessible 1266 STATUS current 1267 DESCRIPTION 1268 "Table of filter rules, index on pfLabelsLblIndex." 1269 ::= { pfLabels 2 } 1270 1271pfLabelsLblEntry OBJECT-TYPE 1272 SYNTAX PfLabelsLblEntry 1273 MAX-ACCESS not-accessible 1274 STATUS current 1275 DESCRIPTION 1276 "Any entry in the pfLabelsLblTable containing information 1277 about a particular filter rule on the system." 1278 INDEX { pfLabelsLblIndex } 1279 ::= { pfLabelsLblTable 1 } 1280 1281PfLabelsLblEntry ::= SEQUENCE { 1282 pfLabelsLblIndex Integer32, 1283 pfLabelsLblName OCTET STRING, 1284 pfLabelsLblEvals Counter64, 1285 pfLabelsLblBytesIn Counter64, 1286 pfLabelsLblBytesOut Counter64, 1287 pfLabelsLblPktsIn Counter64, 1288 pfLabelsLblPktsOut Counter64 1289} 1290 1291pfLabelsLblIndex OBJECT-TYPE 1292 SYNTAX Integer32 (1..2147483647) 1293 MAX-ACCESS not-accessible 1294 STATUS current 1295 DESCRIPTION 1296 "A unique value, greater than zero, for each label." 1297 ::= { pfLabelsLblEntry 1 } 1298 1299pfLabelsLblName OBJECT-TYPE 1300 SYNTAX OCTET STRING 1301 MAX-ACCESS read-only 1302 STATUS current 1303 DESCRIPTION 1304 "The name of the rule label." 1305 ::= { pfLabelsLblEntry 2 } 1306 1307pfLabelsLblEvals OBJECT-TYPE 1308 SYNTAX Counter64 1309 MAX-ACCESS read-only 1310 STATUS current 1311 DESCRIPTION 1312 "The number of rule evaluations." 1313 ::= { pfLabelsLblEntry 3 } 1314 1315pfLabelsLblBytesIn OBJECT-TYPE 1316 SYNTAX Counter64 1317 MAX-ACCESS read-only 1318 STATUS current 1319 DESCRIPTION 1320 "The number of incoming bytes matched by the rule." 1321 ::= { pfLabelsLblEntry 4 } 1322 1323pfLabelsLblBytesOut OBJECT-TYPE 1324 SYNTAX Counter64 1325 MAX-ACCESS read-only 1326 STATUS current 1327 DESCRIPTION 1328 "The number of outgoing bytes matched by the rule." 1329 ::= { pfLabelsLblEntry 5 } 1330 1331pfLabelsLblPktsIn OBJECT-TYPE 1332 SYNTAX Counter64 1333 MAX-ACCESS read-only 1334 STATUS current 1335 DESCRIPTION 1336 "The number of incoming packets matched by the rule." 1337 ::= { pfLabelsLblEntry 6 } 1338 1339pfLabelsLblPktsOut OBJECT-TYPE 1340 SYNTAX Counter64 1341 MAX-ACCESS read-only 1342 STATUS current 1343 DESCRIPTION 1344 "The number of outgoing packets matched by the rule." 1345 ::= { pfLabelsLblEntry 7 } 1346 1347END 1348