Wiki source for AdminPf



====pf Administration====

pf is the application used for packet filtering on [[Servers gobstopper]] and [[Servers fireball]].

===Flush current nat rules & reload===

%%/sbin/pfctl -F nat && /sbin/pfctl -N /etc/pf.conf%%

===Flush current filter rules & reload===

%%/sbin/pfctl -F rules && /sbin/pfctl -R /etc/pf.conf%%

===Show filter information (statistics and counters)===

%%pfctl -s info%%

===To display the current list of active MAP/Redirect filters and active sessions===

%%/sbin/pfctl -s state%%

===To find out the "hit" statistic for each individual rule in /etc/pf.conf===

%%/sbin/pfctl -s rules -v%%

===Check network connections & other network details (see man netstat for more details)===

%%netstat%%

===Watch port scans going by on the screen===

/var/log/pflog is a binary file generated by pflogd so you can't just view it. Use tcpdump instead:

%%tcpdump -i pflog0%%

===Read the log for pf activities===

%%tcpdump -n -e -ttt -r /var/log/pflog%%

%%pfctl -vs queue%%

===Adding IP to a pf table to block===

%%pfctl -t tablename -T add <0.0.0.0>%%
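
The log-reading and table-add steps above can be combined into a review aid. The following is an added example, not part of the original wiki page: it counts blocked inbound sources in pflog text output and prints (without running) the matching table-add commands. The function names, the threshold, the sample lines and the assumed log line layout (which varies between pf/tcpdump versions) are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function names, the threshold and
# the sample lines are constructed; the log line layout is an assumption and
# varies between pf/tcpdump versions.

# Constructed sample of `tcpdump -n -e -ttt -r /var/log/pflog` text output.
sample_log() {
    cat <<'EOF'
 00:00:00.000000 rule 2/0(match): block in on em0: 203.0.113.5.40112 > 192.0.2.10.22: Flags [S], seq 1, win 1024, length 0
 00:00:00.010000 rule 2/0(match): block in on em0: 203.0.113.5.40112 > 192.0.2.10.23: Flags [S], seq 1, win 1024, length 0
 00:00:00.010000 rule 2/0(match): block in on em0: 203.0.113.5.40112 > 192.0.2.10.25: Flags [S], seq 1, win 1024, length 0
 00:00:01.000000 rule 2/0(match): block in on em0: 198.51.100.7 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
 00:00:02.000000 rule 5/0(match): pass in on em0: 198.51.100.9.51000 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
EOF
}

# Reads tcpdump text on stdin and prints "count source_ip" for blocked
# inbound packets, busiest source first. IPv4 only.
blocked_sources() {
    awk '
    / block in / {
        for (i = 2; i <= NF; i++) {
            if ($i != ">") continue
            # Source is "a.b.c.d.port" (TCP/UDP) or "a.b.c.d" (e.g. ICMP).
            n = split($(i - 1), p, ".")
            ip = p[1] "." p[2] "." p[3] "." p[4]
            if ((n == 4 || n == 5) && ip ~ /^[0-9.]+$/) count[ip]++
            break
        }
    }
    END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Prints (does not run) a table-add command for each source seen at least
# $1 times, so the list can be reviewed before anything is blocked.
suggest_blocks() {
    awk -v min="$1" '$1 + 0 >= min + 0 { print "pfctl -t tablename -T add " $2 }'
}

sample_log | blocked_sources | suggest_blocks 3
```

On a live system, replace `sample_log` with the `tcpdump -n -e -ttt -r /var/log/pflog` command from the section above and check the printed sources against known-good hosts before adding them.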

===Disable pf===

%%pfctl -d%%

===Enable pf (with no rules)===

%%pfctl -e%%

----
CategoryITMisc