{"id":92,"date":"2008-04-28T06:52:43","date_gmt":"2008-04-28T04:52:43","guid":{"rendered":"http:\/\/www.shukko.com\/x3\/2008\/04\/28\/basic-pfctl-control\/"},"modified":"2008-04-28T06:52:43","modified_gmt":"2008-04-28T04:52:43","slug":"basic-pfctl-control","status":"publish","type":"post","link":"https:\/\/www.shukko.com\/x3\/2008\/04\/28\/basic-pfctl-control\/","title":{"rendered":"basic pfctl control"},"content":{"rendered":"<p><code><br \/>\n# basic pfctl control<br \/>\n# ==<br \/>\n# This document: http:\/\/www.rdrs.net\/document\/<br \/>\n# Related: http:\/\/www.OpenBSD.org<br \/>\n# Last update: Tue Dec 28, 2004<br \/>\n# ==<br \/>\n# Note:<br \/>\n#  this document is only provided as a basic overview<br \/>\n#  for some common pfctl commands and is by no means<br \/>\n#  a replacement for the pfctl and pf manual pages.<\/p>\n<p>#### General PFCTL Commands ####<br \/>\n# pfctl -d                   disable packet-filtering<br \/>\n# pfctl -e                   enable packet-filtering<br \/>\n# pfctl -q                   run quiet<br \/>\n# pfctl -v -v                run even more verbose<\/p>\n<p>#### Loading PF Rules ####<br \/>\n# pfctl -f \/etc\/pf.conf      load \/etc\/pf.conf<br \/>\n# pfctl -n -f \/etc\/pf.conf   parse \/etc\/pf.conf, but don't load it<br \/>\n# pfctl -R -f \/etc\/pf.conf   load only the FILTER rules<br \/>\n# pfctl -N -f \/etc\/pf.conf   load only the NAT rules<br \/>\n# pfctl -O -f \/etc\/pf.conf   load only the OPTION rules<\/p>\n<p>#### Clearing PF Rules & Counters ####<br \/>\n# pfctl -F all               flush ALL<br \/>\n# pfctl -F rules             flush only the RULES<br \/>\n# pfctl -F queue             flush only queues<br \/>\n# pfctl -F nat               flush only NAT<br \/>\n# pfctl -F info              flush all stats that are not part of any rule.<br \/>\n# pfctl -z                   clear all counters<br \/>\n# note: flushing rules does not touch any existing stateful connections<\/p>\n<p>#### Output PF Information 
####<br \/>\n# pfctl -s rules             show filter information<br \/>\n# pfctl -v -s rules          show filter information, including which FILTER rules hit<br \/>\n# pfctl -vvsr                show filter information as above and prepend rule numbers<br \/>\n# pfctl -v -s nat            show NAT information, including which NAT rules hit<br \/>\n# pfctl -s nat -i xl1        show NAT information for interface xl1<br \/>\n# pfctl -s queue             show QUEUE information<br \/>\n# pfctl -s label             show LABEL information<br \/>\n# pfctl -s state             show contents of the STATE table<br \/>\n# pfctl -s info              show statistics for state tables and packet normalization<br \/>\n# pfctl -s all               show everything<\/p>\n<p>#### Maintaining PF Tables ####<br \/>\n# pfctl -t addvhosts -T show                  show table addvhosts<br \/>\n# pfctl -vvsTables                            view global information about all tables<br \/>\n# pfctl -t addvhosts -T add 192.168.1.50      add entry to table addvhosts<br \/>\n# pfctl -t addvhosts -T add 192.168.1.0\/16    add a network to table addvhosts<br \/>\n# pfctl -t addvhosts -T delete 192.168.1.0\/16 delete network from table addvhosts<br \/>\n# pfctl -t addvhosts -T flush                 remove all entries from table addvhosts<br \/>\n# pfctl -t addvhosts -T kill                  delete table addvhosts entirely<br \/>\n# pfctl -t addvhosts -T replace -f \/etc\/addvhosts reload table addvhosts on the fly<br \/>\n# pfctl -t addvhosts -T test 192.168.1.40     find IP address 192.168.1.40 in table addvhosts<br \/>\n# pfctl -T load -f \/etc\/pf.conf               load a new table definition<br \/>\n# pfctl -t addvhosts -T show -v               output stats for each IP address in table addvhosts<br \/>\n# pfctl -t addvhosts -T zero                  reset all counters for table addvhosts <\/p>\n<p><\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p># basic pfctl control # == # This document: 
http:\/\/www.rdrs.net\/document\/ # Related: http:\/\/www.OpenBSD.org # Last update: Tue Dec 28, 2004 # == # Note: # this document is only provided as a basic overview # for some common pfctl commands and is by no means # a replacement for the pfctl and pf manual pages. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48],"tags":[],"class_list":["post-92","post","type-post","status-publish","format-standard","hentry","category-ivir-zivir"],"_links":{"self":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/92","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/comments?post=92"}],"version-history":[{"count":0,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/92\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/media?parent=92"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/categories?post=92"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/tags?post=92"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}