seiburii

Basic pfctl control

May 18th, 2019
# basic pfctl control
# ==
# Related: http://www.OpenBSD.org
# Last update: Tue Dec 28, 2004
# ==
# Note:
# this document is only provided as a basic overview
# for some common pfctl commands and is by no means
# a replacement for the pfctl and pf manual pages.

#### General PFCTL Commands ####
# pfctl -d       disable packet-filtering
# pfctl -e       enable packet-filtering
# pfctl -q       run quiet
# pfctl -v -v    run even more verbose

#### Loading PF Rules ####
# pfctl -f /etc/pf.conf       load /etc/pf.conf
# pfctl -n -f /etc/pf.conf    parse /etc/pf.conf, but don't load it
# pfctl -R -f /etc/pf.conf    load only the FILTER rules
# pfctl -N -f /etc/pf.conf    load only the NAT rules
# pfctl -O -f /etc/pf.conf    load only the OPTION rules

#### Clearing PF Rules & Counters ####
# pfctl -F all      flush ALL
# pfctl -F rules    flush only the RULES
# pfctl -F queue    flush only the queues
# pfctl -F nat      flush only NAT
# pfctl -F info     flush all stats that are not part of any rule
# pfctl -z          clear all counters
# note: flushing rules does not touch any existing stateful connections

#### Output PF Information ####
# pfctl -s rules         show filter information
# pfctl -v -s rules      show filter information, including which FILTER rules hit
# pfctl -vvsr            show filter information as above and prepend rule numbers
# pfctl -v -s nat        show NAT information, including which NAT rules hit
# pfctl -s nat -i xl1    show NAT information for interface xl1
# pfctl -s queue         show QUEUE information
# pfctl -s label         show LABEL information
# pfctl -s state         show contents of the STATE table
# pfctl -s info          show statistics for state tables and packet normalization
# pfctl -s all           show everything

#### Maintaining PF Tables ####
# pfctl -t addvhosts -T show                         show table addvhosts
# pfctl -vvsTables                                   view global information about all tables
# pfctl -t addvhosts -T add 192.168.1.50             add entry to table addvhosts
# pfctl -t addvhosts -T add 192.168.1.0/16           add a network to table addvhosts
# pfctl -t addvhosts -T delete 192.168.1.0/16        delete network from table addvhosts
# pfctl -t addvhosts -T flush                        remove all entries from table addvhosts
# pfctl -t addvhosts -T kill                         delete table addvhosts entirely
# pfctl -t addvhosts -T replace -f /etc/addvhosts    reload table addvhosts on the fly
# pfctl -t addvhosts -T test 192.168.1.40            find IP address 192.168.1.40 in table addvhosts
# pfctl -T load -f /etc/pf.conf                      load a new table definition
# pfctl -t addvhosts -T show -v                      output stats for each IP address in table addvhosts
# pfctl -t addvhosts -T zero                         reset all counters for table addvhosts