> > I'm using simple rules such as:
> > count in on ppp0 from any to any
> > count out on ppp0 from any to any
> >
> > and also some extended rules:
> > count in on le0 from 10.0.0.1 to !10.0.0.10
> > count out on le0 from !10.0.0.10 to 10.0.0.1
> >
> > for each pc to show the amount of real traffic being sent through ipnat.
>
> Sorry to be a little off-topic here, but what are the differences between
> using ipf/ipfstat and using netstat to report bytes in and out?
>
> What are the benefits (or disadvantages) of using netstat versus ipf to
> keep tabs on the usage?
>

For my purposes ipf/ipfstat allows me to manage rules such as the ones
above. It allows me to figure the total downloads and uploads and also
allows me to figure out how much each pc is using. The cost of this net
connection is shared so in the rare that case we get charged for using over
the 3gb cap, this extra info will come in handy.

It also allows me to put in rules for measuring traffic to/from free sites
based on ports, ips or networks etc. For example, the IP of a free gaming
server I use is 139.134.252.151. I could count this with a rule like 'count
in/out on ppp0 from/to 139.134.252.151/any' and then subtract it from the
totals later to find out how much metered traffic I'm really using.

I'm willing to be corrected if netstat is able to do this. I've only just
started looking into the possibilities anyway.

One other thing, does netstat count traffic that has been blocked by ipf?

-Gwilym