= PF pfctl cheat sheet
:source-highlighter: rouge
:rouge-style: igor_pro
:icons: font

Downloaded from https://gist.github.com/tracphil/4353170 (source no longer available)

....
basic pfctl control
==
Related: http://www.OpenBSD.org
Last update: Tue Dec 28, 2004
==
....

NOTE: This document is only provided as a basic overview of some common pfctl commands and is by no means a replacement for the pfctl and pf manual pages.

== General PFCTL Commands

[cols="1,2"]
|===
| Command | Description

| `pfctl -d`
| disable packet-filtering

| `pfctl -e`
| enable packet-filtering

| `pfctl -q`
| run quiet

| `pfctl -v`
| run verbose (a second `-v` runs even more verbose)
|===

== Loading PF Rules

[cols="1,2"]
|===
| Command | Description

| `pfctl -f /etc/pf.conf`
| load /etc/pf.conf

| `pfctl -n -f /etc/pf.conf`
| parse /etc/pf.conf, but don't load it

| `pfctl -R -f /etc/pf.conf`
| load only the FILTER rules

| `pfctl -N -f /etc/pf.conf`
| load only the NAT rules

| `pfctl -O -f /etc/pf.conf`
| load only the OPTION rules
|===

== Clearing PF Rules & Counters

[cols="1,2"]
|===
| Command | Description

| `pfctl -F all`
| flush ALL

| `pfctl -F rules`
| flush only the RULES

| `pfctl -F queue`
| flush only queues

| `pfctl -F nat`
| flush only NAT

| `pfctl -F info`
| flush all stats that are not part of any rule

| `pfctl -z`
| clear all counters
|===

NOTE: Flushing rules does not touch any existing stateful connections.

== Output PF Information

[cols="1,2"]
|===
| Command | Description

| `pfctl -s rules`
| show filter information

| `pfctl -v -s rules`
| show filter information with per-rule counters (which FILTER rules hit)

| `pfctl -vvsr`
| show filter information as above and prepend rule numbers

| `pfctl -v -s nat`
| show NAT information with per-rule counters (which NAT rules hit)

| `pfctl -s nat -i xl1`
| show NAT information for interface xl1

| `pfctl -s queue`
| show QUEUE information

| `pfctl -s label`
| show LABEL information

| `pfctl -s state`
| show contents of the STATE table

| `pfctl -s info`
| show statistics for state tables and packet normalization

| `pfctl -s all`
| show everything
|===

== Maintaining PF Tables

[cols="1,2"]
|===
| Command | Description

| `pfctl -t addvhosts -T show`
| show table addvhosts

| `pfctl -vvsTables`
| view global information about all tables

| `pfctl -t addvhosts -T add 192.168.1.50`
| add an entry to table addvhosts

| `pfctl -t addvhosts -T add 192.168.1.0/16`
| add a network to table addvhosts

| `pfctl -t addvhosts -T delete 192.168.1.0/16`
| delete a network from table addvhosts

| `pfctl -t addvhosts -T flush`
| remove all entries from table addvhosts

| `pfctl -t addvhosts -T kill`
| delete table addvhosts entirely

| `pfctl -t addvhosts -T replace -f /etc/addvhosts`
| reload table addvhosts on the fly

| `pfctl -t addvhosts -T test 192.168.1.40`
| find IP address 192.168.1.40 in table addvhosts

| `pfctl -T load -f /etc/pf.conf`
| load a new table definition

| `pfctl -t addvhosts -T show -v`
| output stats for each IP address in table addvhosts

| `pfctl -t addvhosts -T zero`
| reset all counters for table addvhosts
|===
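The `-n` parse from Loading PF Rules and the `-T add` entries above are the two commands most often scripted, and both benefit from a check in front of them. The POSIX sh functions below are an added example, not code from the original gist; `PFCTL` is an assumed override of the pfctl path (so the logic can be exercised without pf), and the table name addvhosts is the cheat sheet's own.

```shell
#!/bin/sh
# Added example, not from the original gist: wrappers around the commands above that
# parse a ruleset (pfctl -n) before loading it and validate a table entry before it
# reaches "pfctl -T add". PFCTL is an assumed override for the pfctl binary path.

# Parse first, load only on success: a syntax error in pf.conf then leaves the
# running ruleset untouched instead of the firewall ending up with nothing loaded.
pf_safe_reload() {
    conf="${1:-/etc/pf.conf}"
    if "${PFCTL:-pfctl}" -n -f "$conf"; then
        "${PFCTL:-pfctl}" -f "$conf"
    else
        echo "pf_safe_reload: $conf failed to parse, ruleset left unchanged" >&2
        return 1
    fi
}

# Accept a dotted-quad IPv4 address with an optional /0-32 prefix, reject anything else.
pf_valid_ipv4() {
    addr="${1%%/*}"
    case "$1" in */*) prefix="${1#*/}" ;; *) prefix=32 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    octets=0
    oldifs="$IFS"; IFS=.
    for o in $addr; do
        case "$o" in ''|*[!0-9]*) IFS="$oldifs"; return 1 ;; esac
        [ "$o" -le 255 ] || { IFS="$oldifs"; return 1; }
        octets=$((octets + 1))
    done
    IFS="$oldifs"
    [ "$octets" -eq 4 ]
}

# Only validated input is handed to pfctl, so a script that feeds addresses from
# logs into a table cannot pass arbitrary strings through to the command line.
pf_table_add() {
    table="$1"; entry="$2"
    pf_valid_ipv4 "$entry" || { echo "pf_table_add: rejecting '$entry'" >&2; return 2; }
    "${PFCTL:-pfctl}" -t "$table" -T add "$entry"
}
```

Typical use is `pf_safe_reload /etc/pf.conf` from a deploy script and `pf_table_add addvhosts 192.168.1.50` from any automation that populates a table.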


NOTE: Date: 2020-10-22T01:53:14+02:00