--
-- $jwk: OPENBSD-PF-MIB.txt,v 1.25 2005/05/04 02:09:58 jwk Exp $
--
--
-- Copyright (c) 2004,2005 Joel Knight <enabled@myrealbox.com>
-- 
-- Permission to use, copy, modify, and distribute this document for any
-- purpose with or without fee is hereby granted, provided that the above
-- copyright notice and this permission notice appear in all copies.
--
-- THE DOCUMENT IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-- WITH REGARD TO THIS DOCUMENT INCLUDING ALL IMPLIED WARRANTIES OF
-- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS DOCUMENT.


OPENBSD-PF-MIB DEFINITIONS ::= BEGIN

IMPORTS
	MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, 
	Counter32, Counter64, Unsigned32, Integer32, IpAddress,
	TimeTicks, enterprises
		FROM SNMPv2-SMI

	TruthValue
		FROM SNMPv2-TC
		
	openBSD
		FROM OPENBSD-BASE-MIB
	
	MODULE-COMPLIANCE, OBJECT-GROUP
		FROM SNMPv2-CONF;

pfMIBObjects MODULE-IDENTITY
    LAST-UPDATED "200501250000Z"
    ORGANIZATION "OpenBSD"
    CONTACT-INFO "
                  Author:     Joel Knight
                  email:      enabled@myrealbox.com
                 "
    DESCRIPTION "The MIB module for gathering information from
		OpenBSD's packet filter.
                "
    ::= { openBSD 1 }


-- define the sections of the MIB

info				OBJECT IDENTIFIER ::= { pfMIBObjects 1 }
counters			OBJECT IDENTIFIER ::= { pfMIBObjects 2 }
stateTable			OBJECT IDENTIFIER ::= { pfMIBObjects 3 }
loginterface			OBJECT IDENTIFIER ::= { pfMIBObjects 4 }
sourceTracking			OBJECT IDENTIFIER ::= { pfMIBObjects 5 }
limits				OBJECT IDENTIFIER ::= { pfMIBObjects 6 }
timeouts			OBJECT IDENTIFIER ::= { pfMIBObjects 7 }
interfaces			OBJECT IDENTIFIER ::= { pfMIBObjects 8 }
tables				OBJECT IDENTIFIER ::= { pfMIBObjects 9 }

-- info

running OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Indicates whether pf is enabled or not."
    ::= { info 1 }

runtime OBJECT-TYPE
    SYNTAX      TimeTicks
    UNITS      "1/100th of a Second"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Indicates how long pf has been enabled. If pf is not
	enabled, indicates how long pf has been disabled. If pf has not
	been explicitly enabled or disabled since the system was booted,
	the value will be 0."
    ::= { info 2 }

debug OBJECT-TYPE
    SYNTAX      INTEGER { none(0), urgent(1), misc(2), noisey(3) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Indicates the debug level that pf is running at." 
    ::= { info 3 }

hostid OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The (unique) host id of the machine running pf."
    ::= { info 4 }


-- counters

match OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that have matched a filter rule."
    ::= { counters 1 }

badOffset OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that have had a bad offset value."
    ::= { counters 2 }

fragment OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packet fragments."
    ::= { counters 3 }

short OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were too short to contain a valid header."
    ::= { counters 4 }

normalize OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were normalized using the packet scrubber."
    ::= { counters 5 }

memory OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped due to memory limitations."
    ::= { counters 6 }

timestamp OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped due to improper RFC1323 timestamp."
    ::= { counters 7 }

congestion OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped due to congestion on the interface."
    ::= { counters 8 }

ip-option OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped due to having options set in
    the IP header."
    ::= { counters 9 }

proto-cksum OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped due to memory limitations."
    ::= { counters 10 }

state-mismatch OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped due to a state table mismatch."
    ::= { counters 11 }

state-insert OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped due to errors creating a
	state table entry."
    ::= { counters 12 }

state-limit OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped due to the per-rule max
	state limit being reached."
    ::= { counters 13 }

src-limit OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped due to stateful connection
	tracking. A packet could be dropped due to resource limits (memory)
	or due to a tracking limit being reached."
    ::= { counters 14 }

synproxy OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of packets that were dropped during the TCP synproxy process."
    ::= { counters 15 }


-- stateTable

count OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of entries in the state table."
    ::= { stateTable 1 }

searches OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of searches against the state table."
    ::= { stateTable 2 }

inserts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of inserts into the state table."
    ::= { stateTable 3 }

removals OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of removals from the state table."
    ::= { stateTable 4 }


-- loginterface

name OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The name of the interface configured using 'set loginterface'.
	If no interface has been configured, the object will be empty."
    ::= { loginterface 1 }

ipBytesIn OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of IPv4 bytes passed in on the loginterface."
    ::= { loginterface 2 }

ipBytesOut OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of IPv4 bytes passed out on the loginterface."
    ::= { loginterface 3 }

ipPktsInPass OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of IPv4 packets passed in on the loginterface."
    ::= { loginterface 4 }

ipPktsInDrop OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of dropped IPv4 packets coming in on the loginterface."
    ::= { loginterface 5 }

ipPktsOutPass OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of IPv4 packets passed out on the loginterface."
    ::= { loginterface 6 }

ipPktsOutDrop OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of dropped IPv4 packets going out on the loginterface."
    ::= { loginterface 7 }

ip6BytesIn OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of IPv6 bytes passed in on the loginterface."
    ::= { loginterface 8 }

ip6BytesOut OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of IPv6 bytes passed out on the loginterface."
    ::= { loginterface 9 }

ip6PktsInPass OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of IPv6 packets passed in on the loginterface."
    ::= { loginterface 10 }

ip6PktsInDrop OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of dropped IPv6 packets coming in on the loginterface."
    ::= { loginterface 11 }

ip6PktsOutPass OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of IPv6 packets passed out on the loginterface."
    ::= { loginterface 12 }

ip6PktsOutDrop OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of dropped IPv6 packets going out on the loginterface."
    ::= { loginterface 13 }


-- sourceTracking

count OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of entries in the source tracking table."
    ::= { sourceTracking 1 }

searches OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of searches against the source tracking table."
    ::= { sourceTracking 2 }

inserts OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of inserts into the source tracking table."
    ::= { sourceTracking 3 }

removals OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The number of removals from the source tracking table."
    ::= { sourceTracking 4 }


-- limits

states OBJECT-TYPE
	SYNTAX		Unsigned32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The maximum number of entries in the memory pool used by state
	table entries (filter rules that specify 'keep state')."
	::= { limits 1 }

sourceNodes OBJECT-TYPE
	SYNTAX		Unsigned32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The maximum number of entries in the memory pool used for tracking
	source IP addresses (filter rules that specify 'sticky-address' or
	'source-track' options)."
	::= { limits 2 }

fragments OBJECT-TYPE
	SYNTAX		Unsigned32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The maximum number of entries in the memory pool used for packet 
	reassembly (scrub rules)."
	::= { limits 3 }


-- timeouts

tcpFirst OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State after receiving the first TCP packet in a new connection."
	::= { timeouts 1 }

tcpOpening OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State before the destination host ever sends a packet in response
	to a new connection from this host."
	::= { timeouts 2 }

tcpEstablished OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State when a TCP connection is fully established."
	::= { timeouts 3 }

tcpClosing OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State after the first FIN has been sent."
	::= { timeouts 4 }

tcpFinWait OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State after both FINs are sent and the connection is closed."
	::= { timeouts 5 }

tcpClosed OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State after the first RST has been sent."
	::= { timeouts 6 }

udpFirst OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State after receiving the first UDP packet."
	::= { timeouts 7 }

udpSingle OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State if the source sends more than 1 packet but the destination
	has never sent a packet back."
	::= { timeouts 8 }

udpMultiple OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State when both hosts have sent packets."
	::= { timeouts 9 }

icmpFirst OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State after receiving the first ICMP packet."
	::= { timeouts 10 }

icmpError OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State when an ICMP error comes back in response to an ICMP
	packet."
	::= { timeouts 11 }

otherFirst OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State after receiving the first packet."
	::= { timeouts 12 }

otherSingle OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State if the source sends more than 1 packet but the destination
	has never sent a packet back."
	::= { timeouts 13 }

otherMultiple OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"State when both hosts have sent packets."
	::= { timeouts 14 }

fragment OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"How long before an unassembled fragment is expired."
	::= { timeouts 15 }

interval OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"Interval before purging expired states and fragments."
	::= { timeouts 16 }

adaptiveStart OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"When the number of state entries exceeds this value, adaptive
	scaling begins."
	::= { timeouts 17 }

adaptiveEnd OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"When reaching this number of state entries, all timeout values 
	become zero, effectively purging all state entries immediately."
	::= { timeouts 18 }

sourceTrack OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"Time that a source tracking entry will stay around after the
	last state expires."
	::= { timeouts 19 }


-- interfaces

ifNumber  OBJECT-TYPE
	SYNTAX      Integer32
	MAX-ACCESS  read-only
	STATUS      current
	DESCRIPTION
	"The number of network interfaces present on this system."
	::= { interfaces 1 }

ifTable OBJECT-TYPE
	SYNTAX		SEQUENCE OF IfEntry
	MAX-ACCESS	not-accessible
	STATUS		current
	DESCRIPTION
	"A list of individual interfaces. The number of entries is
	given by the value of ifNumber."
	::= { interfaces 128 }

ifEntry OBJECT-TYPE
	SYNTAX      IfEntry
	MAX-ACCESS  not-accessible
	STATUS      current
	DESCRIPTION
	"An entry containing management information applicable to a
	particular interface."
	INDEX   { ifIndex }
	::= { ifTable 1 }

IfEntry ::=
	SEQUENCE {
		ifIndex			Integer32,
		ifDescr			OCTET STRING,
		ifType			INTEGER,
		ifRefs			Unsigned32,
		ifRules			Unsigned32,
		ifIn4PassPkts		Counter64,
		ifIn4PassBytes		Counter64,
		ifIn4BlockPkts		Counter64,
		ifIn4BlockBytes		Counter64,
		ifOut4PassPkts		Counter64,
		ifOut4PassBytes		Counter64,
		ifOut4BlockPkts		Counter64,
		ifOut4BlockBytes	Counter64,
		ifIn6PassPkts		Counter64,
		ifIn6PassBytes		Counter64,
		ifIn6BlockPkts		Counter64,
		ifIn6BlockBytes		Counter64,
		ifOut6PassPkts		Counter64,
		ifOut6PassBytes		Counter64,
		ifOut6BlockPkts		Counter64,
		ifOut6BlockBytes	Counter64
	}

ifIndex OBJECT-TYPE
	SYNTAX		Integer32 (1..2147483647)
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"A unique value, greater than zero, for each interface.  It
	is recommended that values are assigned contiguously
	starting from 1.  The value for each interface sub-layer
	must remain constant at least from one re-initialization of
	the entity's network management system to the next re-
	initialization."
	::= { ifEntry 1 }

ifDescr OBJECT-TYPE
	SYNTAX		OCTET STRING
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The name of the interface."
	::= { ifEntry 2 }

ifType OBJECT-TYPE
	SYNTAX 		INTEGER { group(0), instance(1), detached(2) }
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"Denotes whether the interface is a group interface, an interface 
	instance, or whether it's been removed or destroyed."
	::= { ifEntry 3 }

ifRefs OBJECT-TYPE
	SYNTAX		Unsigned32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of state and/or source track entries which reference 
	the interface."
	::= { ifEntry 4 }

ifRules OBJECT-TYPE
	SYNTAX		Unsigned32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of rules which reference the interface."
	::= { ifEntry 5 }

ifIn4PassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of IPv4 packets passed in."
	::= { ifEntry 6 }

ifIn4PassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of IPv4 bytes passed in."
	::= { ifEntry 7 }

ifIn4BlockPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of incoming IPv4 packets blocked."
	::= { ifEntry 8 }

ifIn4BlockBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of incoming IPv4 bytes blocked."
	::= { ifEntry 9 }

ifOut4PassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of IPv4 bytes passed out."
	::= { ifEntry 10 }

ifOut4PassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of IPv4 bytes passed out."
	::= { ifEntry 11 }

ifOut4BlockPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of outgoing IPv4 bytes blocked."
	::= { ifEntry 12 }

ifOut4BlockBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of outgoing IPv4 bytes blocked."
	::= { ifEntry 13 }

ifIn6PassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of IPv6 packets passed in."
	::= { ifEntry 14 }

ifIn6PassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of IPv6 bytes passed in."
	::= { ifEntry 15 }

ifIn6BlockPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of incoming IPv6 packets blocked."
	::= { ifEntry 16 }

ifIn6BlockBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of incoming IPv6 bytes blocked."
	::= { ifEntry 17 }

ifOut6PassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of IPv6 bytes passed out."
	::= { ifEntry 18 }

ifOut6PassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of IPv6 bytes passed out."
	::= { ifEntry 19 }

ifOut6BlockPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of outgoing IPv6 bytes blocked."
	::= { ifEntry 20 }

ifOut6BlockBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of outgoing IPv6 bytes blocked."
	::= { ifEntry 21 }


-- tables
tblNumber  OBJECT-TYPE
	SYNTAX      Integer32
	MAX-ACCESS  read-only
	STATUS      current
	DESCRIPTION
	"The number of tables present on this system."
	::= { tables 1 }

tblTable OBJECT-TYPE
	SYNTAX		SEQUENCE OF TblEntry
	MAX-ACCESS	not-accessible
	STATUS		current
	DESCRIPTION
	"A list of individual tables. The number of entries is
	given by the value of tableNumber."
	::= { tables 128 }

tblEntry OBJECT-TYPE
	SYNTAX      TblEntry
	MAX-ACCESS  not-accessible
	STATUS      current
	DESCRIPTION
	"An entry containing management information applicable to a
	particular table."
	INDEX   { tblIndex }
	::= { tblTable 1 }

TblEntry ::=
	SEQUENCE {
		tblIndex		Integer32,
		tblName			OCTET STRING,
		tblAddresses		Integer32,
		tblAnchorRefs		Integer32,
		tblRuleRefs		Integer32,
		tblEvalsMatch		Counter64,
		tblEvalsNoMatch		Counter64,
		tblInPassPkts		Counter64,
		tblInPassBytes		Counter64,
		tblInBlockPkts		Counter64,
		tblInBlockBytes		Counter64,
		tblInXPassPkts		Counter64,
		tblInXPassBytes		Counter64,
		tblOutPassPkts		Counter64,
		tblOutPassBytes		Counter64,
		tblOutBlockPkts		Counter64,
		tblOutBlockBytes	Counter64,
		tblOutXPassPkts		Counter64,
		tblOutXPassBytes	Counter64,
		tblStatsCleared		TimeTicks
	}

tblIndex OBJECT-TYPE
	SYNTAX		Integer32 (1..2147483647)
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"A unique value, greater than zero, for each table."
	::= { tblEntry 1 }

tblName OBJECT-TYPE
	SYNTAX		OCTET STRING
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The name of the table."
	::= { tblEntry 2 }

tblAddresses OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of addresses currently stored in the table."
	::= { tblEntry 3 }

tblAnchorRefs OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of anchors which reference the table."
	::= { tblEntry 4 }

tblRuleRefs OBJECT-TYPE
	SYNTAX		Integer32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of rules which reference the table."
	::= { tblEntry 5 }

tblEvalsMatch OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of table evaluations that produced a match."
	::= { tblEntry 6 }

tblEvalsNoMatch OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of table evaluations that didn't match."
	::= { tblEntry 7 }

tblInPassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of packets passed in that matched the table."
	::= { tblEntry 8 }

tblInPassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of bytes passed in that matched the table."
	::= { tblEntry 9 }

tblInBlockPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of incoming packets blocked that matched the table."
	::= { tblEntry 10 }

tblInBlockBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number incoming bytes blocked that matched the table."
	::= { tblEntry 11 }

tblInXPassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of packets statefully passed in where the state
	entry refers to the table, but the table no longer contains
	the address in question."
	::= { tblEntry 12 }

tblInXPassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of bytes statefully passed in where the state
	entry refers to the table, but the table no longer contains
	the address in question."
	::= { tblEntry 13 }

tblOutPassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of packets passed out that matched the table."
	::= { tblEntry 14 }

tblOutPassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of bytes passed out that matched the table."
	::= { tblEntry 15 }

tblOutBlockPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of outgoing packets blocked that matched the table."
	::= { tblEntry 16 }

tblOutBlockBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number outgoing bytes blocked that matched the table."
	::= { tblEntry 17 }

tblOutXPassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of packets statefully passed out where the state
	entry refers to the table, but the table no longer contains
	the address in question."
	::= { tblEntry 18 }

tblOutXPassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of bytes statefully passed out where the state
	entry refers to the table, but the table no longer contains
	the address in question."
	::= { tblEntry 19 }

tblStatsCleared OBJECT-TYPE
	SYNTAX		TimeTicks
	UNITS		"1/100th of a Second"
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of seconds that have passed since the statistics
	for this pf table were zeroed."
	::= { tblEntry 20 }

tblAddrTable OBJECT-TYPE
	SYNTAX		SEQUENCE OF TblAddrEntry
	MAX-ACCESS	not-accessible
	STATUS		current
	DESCRIPTION
	"A table containing the addresses/CIDR network blocks from 
	every table on the system."
	::= { tables 129 }

tblAddrEntry OBJECT-TYPE
	SYNTAX		TblAddrEntry
	MAX-ACCESS	not-accessible
	STATUS		current
	DESCRIPTION
	"An entry containing management information applicable to a
	particular table."
	INDEX		{ tblAddrTblIndex, tblAddrNet, tblAddrMask }
	::= { tblAddrTable 1 }

TblAddrEntry ::=
	SEQUENCE {
		tblAddrTblIndex		Integer32,
		tblAddrNet		IpAddress,
		tblAddrMask		Integer32,
		tblAddrCleared		TimeTicks,
		tblAddrInBlockPkts	Counter64,
		tblAddrInBlockBytes	Counter64,
		tblAddrInPassPkts	Counter64,
		tblAddrInPassBytes	Counter64,
		tblAddrOutBlockPkts	Counter64,
		tblAddrOutBlockBytes	Counter64,
		tblAddrOutPassPkts	Counter64,
		tblAddrOutPassBytes	Counter64
	}

tblAddrTblIndex OBJECT-TYPE
	SYNTAX		Integer32 (1..2147483647)
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The index value which uniquely identifies the table which
	contains this tblAddrNet/tblAddrMask pair."
	::= { tblAddrEntry 1 }

tblAddrNet OBJECT-TYPE
	SYNTAX		IpAddress
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The IP address portion of the CIDR network for this
	particular table entry."
	::= { tblAddrEntry 2 }

tblAddrMask OBJECT-TYPE
	SYNTAX		Integer32 (0..32)
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The CIDR bitmask for this particular table entry."
	::= { tblAddrEntry 3 }

tblAddrCleared OBJECT-TYPE
	SYNTAX		TimeTicks
	UNITS      	"1/100th of a Second"
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The time that's passed since the statistics where last cleared, or
	since the tblAddrNet/tblAddrMask pair was loaded into the table, 
	whichever is sooner."
	::= { tblAddrEntry 4 }

tblAddrInBlockPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of inbound packets blocked as a result of matching
	this table entry."
	::= { tblAddrEntry 5 }

tblAddrInBlockBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of inbound bytes blocked as a result of matching
	this table entry."
	::= { tblAddrEntry 6 }

tblAddrInPassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of inbound packets passed as a result of matching
	this table entry."
	::= { tblAddrEntry 7 }

tblAddrInPassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of inbound bytes passed as a result of matching
	this table entry."
	::= { tblAddrEntry 8 }

tblAddrOutBlockPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of outbound packets blocked as a result of matching
	this table entry."
	::= { tblAddrEntry 9 }

tblAddrOutBlockBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of outbound bytes blocked as a result of matching
	this table entry."
	::= { tblAddrEntry 10 }

tblAddrOutPassPkts OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of outbound packets passed as a result of matchin
	this table entry."
	::= { tblAddrEntry 11 }

tblAddrOutPassBytes OBJECT-TYPE
	SYNTAX		Counter64
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
	"The number of outbound bytes passed as a result of matchg
	this table entry."
	::= { tblAddrEntry 12 }



-- END:  Don't forget this!
END

