pf Administration
pf is the application used for packet filtering on gobstopper and fireball.
Flush current NAT rules & reload
/sbin/pfctl -F nat && /sbin/pfctl -N -f /etc/pf.conf
Flush current filter rules & reload
/sbin/pfctl -F rules && /sbin/pfctl -R -f /etc/pf.conf
Show filter information (statistics and counters)
pfctl -s info
To display the current list of active MAP/Redirect filters and active sessions
/sbin/pfctl -s state
To find out the "hit" statistic for each individual rule in /etc/pf.conf
/sbin/pfctl -s rules -v
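An added example (not part of the original page): a shell helper that reads `pfctl -s rules -v` output and lists each rule with its packet counter, busiest first, plus the rules that never matched a packet. The sample output is constructed for illustration and the function names are hypothetical.

```shell
#!/bin/sh
# Summarise per-rule hit counters from `pfctl -s rules -v` output.

# Reads the verbose rule listing on stdin and prints "packets<TAB>rule",
# sorted with the busiest rule first.
rule_hits() {
    awk '
        # Counter lines are indented and start with "["; any other line is a rule.
        /^ *\[/ {
            for (i = 1; i < NF; i++)
                if ($i == "Packets:") printf "%d\t%s\n", $(i + 1), rule
            next
        }
        { rule = $0 }
    ' | sort -rn
}

# Prints only the rules whose packet counter is zero (candidates for review).
unused_rules() {
    rule_hits | awk -F '\t' '$1 == 0 { print $2 }'
}

# Constructed sample of `pfctl -s rules -v` output (not taken from a real host).
sample_output() {
    cat <<'EOF'
block drop in log all
  [ Evaluations: 9120      Packets: 311       Bytes: 18660       States: 0     ]
pass in on fxp0 proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 9120      Packets: 4821      Bytes: 612004      States: 3     ]
pass in on fxp0 proto tcp from any to any port = 8080 keep state
  [ Evaluations: 4102      Packets: 0         Bytes: 0           States: 0     ]
EOF
}

# On the firewall itself: /sbin/pfctl -s rules -v | rule_hits
sample_output | rule_hits
```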
Check network connections & other network details (see man netstat for more details)
netstat
Watch port scans going by on the screen
/var/log/pflog is a binary file generated by pflogd so you can't just view it. Use tcpdump instead:
tcpdump -i pflog0
Read the log for pf activities
tcpdump -n -e -ttt -r /var/log/pflog
Show queue statistics
pfctl -vs queue
Add an IP address to a pf table to block it (replace tablename and 0.0.0.0 with the real table name and address)
pfctl -t tablename -T add 0.0.0.0
Disable pf
pfctl -d
Enable pf (with no rules)
pfctl -e