Script to produce Prometheus-style .prom files from pfctl(8) output. By default places output in /var/tmp/node_exporter, for the benefit of node_exporter.

Currently only collects data from running jails (not the host itself).

Assumptions

The script first checks for the existence of /dev/pf.

Jails with a /dev/pf have paths either of the form /x/y or /x/y/root

Both cases are checked, and if /sbin/pfctl and /libexec/ld-elf.so.1 are found, they are used as-is.

If not, the former pattern is expected to be the parent of a wrapped jail, with no libraries or binaries in the regular paths. The inner jail is expected to have a path prefix of /root relative to the parent; In such cases, the script sets LD_LIBRARY_PATH to /root/lib and invokes /root/libexec/ld-elf.so.1 to execute /root/sbin/pfctl.

Work to be done

• Be more flexible about jail path layouts
• Support collecting pf stats for the host
• Collect per-rule statistics
• Collect per-table statistics