basic pfctl control

# basic pfctl control # == # This document: http://www.rdrs.net/document/ # Related: http://www.OpenBSD.org # Last update: Tue Dec 28, 2004 # == # Note: # this document is only provided as a basic overview # for some common pfctl commands and is by no means # a replacement for the pfctl and pf manual pages.


#### General PFCTL Commands ####

# pfctl -d                   disable packet-filtering

# pfctl -e                   enable packet-filtering

# pfctl -q                   run quiet

# pfctl -v -v                run even more verbose
#### Loading PF Rules ####

# pfctl -f /etc/pf.conf      load /etc/pf.conf

# pfctl -n -f /etc/pf.conf   parse /etc/pf.conf, but dont load it

# pfctl -R -f /etc/pf.conf   load only the FILTER rules

# pfctl -N -f /etc/pf.conf   load only the NAT rules

# pfctl -O -f /etc/pf.conf   load only the OPTION rules
#### Clearing PF Rules & Counters ####

# pfctl -F all               flush ALL

# pfctl -F rules             flush only the RULES

# pfctl -F queue             flush only queue's

# pfctl -F nat               flush only NAT

# pfctl -F info              flush all stats that are not part of any rule.

# pfctl -z                   clear all counters

# note: flushing rules do not touch any existing stateful connections
#### Output PF Information ####

# pfctl -s rules             show filter information

# pfctl -v -s rules          show filter information for what FILTER rules hit..

# pfctl -vvsr                show filter information as above and prepend rule numbers

# pfctl -v -s nat            show NAT information, for which NAT rules hit..

# pfctl -s nat -i xl1        show NAT information for interface xl1

# pfctl -s queue             show QUEUE information

# pfctl -s label             show LABEL information

# pfctl -s state             show contents of the STATE table

# pfctl -s info              show statistics for state tables and packet normalization

# pfctl -s all               show everything
#### Maintaining PF Tables ####

# pfctl -t addvhosts -T show                  show table addvhosts

# pfctl -vvsTables                            view global information about all tables

# pfctl -t addvhosts -T add 192.168.1.50      add entry to table addvhosts

# pfctl -t addvhosts -T add 192.168.1.0/16    add a network to table addvhosts

# pfctl -t addvhosts -T delete 192.168.1.0/16 delete nework from table addvhosts

# pfctl -t addvhosts -T flush                 remove all entries from table addvhosts

# pfctl -t addvhosts -T kill                  delete table addvhosts entirely

# pfctl -t addvhosts -T replace -f /etc/addvhosts reload table addvhosts on the fly

# pfctl -t addvhosts -T test 192.168.1.40     find ip address 192.168.1.40 in table addvhosts

# pfctl -T load -f /etc/pf.conf               load a new table definition

# pfctl -t addvhosts -T show -v               output stats for each ip address in table addvhosts

# pfctl -t addvhosts -T zero                  reset all counters for table addvhosts

shukko.com v.x3

shukko.com hiç kimse ve kendisi için sHuKKo tarafından düzensiz güncellenen yayın organı...

shukko hakkında