Network Security: Firewall Rule "Hit" Counters
Display the number of packets that match each rule in the table. So you can locate unnecessary packetfilter rules. Should be able to reset the hit counter(s) as needed, along with a tooltip to show the last time(s) of the previous few hits.
Show a triggered count of firewall rules/NAT rules so that you can easily cleanup rules that never get triggered.
This would be a giant help when trying to determine obsolete rules.
Track via a hits counter how often packet filter rules are matched. This allows you to see potentially unneeded rules and remove them.
Hans Stutz commented
This can be done via IPTables in Console. But it would be nice to have it in WebGUI.
Bastien Bobe commented
No one is interested about this rule anymore ?
Cisco ASA firewall has this Feature, it's great for cleaning up the Rules.
Also Cisco ASA firewall has this, it would be a very nice to have feature!
Marcus Hock commented
This would _really_ make rule management easier - Checkpoint added this in R75.40 (yeeeeees, I know, Astaro is not Checkpoint). A very helpful feature though!
If easier (or more efficient) than counters, "last used" field would be sufficient to find unneeded rules.
Michiel Beumer commented
essential for a smooth firewall with many rules!
While you're at it, please make it possible to filter for protocols
charles sterling commented
Currently the archived logs exclude info like "country block" reference so you are forced to sort by rule and then lookup the rules in these groups to locate problem areas.
I think this and other real-time statistics throughout WebAdmin would be great!
Bob Alfson commented
Michael, I think your English says everything you've said in German.