Skip to content

Instantly share code, notes, and snippets.

@gmsotavio
Forked from johnbianchi/pfctl-cheatsheet.txt
Created November 24, 2023 20:24
Show Gist options
  • Save gmsotavio/4d916bdfaa1ac5f96756f9280ace66a9 to your computer and use it in GitHub Desktop.
Save gmsotavio/4d916bdfaa1ac5f96756f9280ace66a9 to your computer and use it in GitHub Desktop.
pfctl cheat sheet
#### General PFCTL Commands ####
$ pfctl -d disable # packet-filtering
$ pfctl -e enable # packet-filtering
$ pfctl -q # run quiet
$ pfctl -v -v # run even more verbose
#### Loading PF Rules ####
$ pfctl -f /etc/pf.conf # load /etc/pf.conf
$ pfctl -n -f /etc/pf.conf # parse /etc/pf.conf, but dont load it
$ pfctl -R -f /etc/pf.conf # load only the FILTER rules
$ pfctl -N -f /etc/pf.conf # load only the NAT rules
$ pfctl -O -f /etc/pf.conf # load only the OPTION rules
#### Clearing PF Rules & Counters ####
$ pfctl -F all # flush ALL (note: flushing rules do not touch any existing stateful connections)
$ pfctl -F rules # flush only the RULES
$ pfctl -F queue # flush only queue’s
$ pfctl -F nat # flush only NAT
$ pfctl -F info # flush all stats that are not part of any rule.
$ pfctl -z clear # all counters
#### Output PF Information ####
$ pfctl -s rules # show filter information
$ pfctl -v -s rules # show filter information for what FILTER rules hit..
$ pfctl -vvsr # show filter information as above and prepend rule numbers
$ pfctl -v -s nat # show NAT information, for which NAT rules hit..
$ pfctl -s nat -i xl1 # show NAT information for interface xl1
$ pfctl -s queue # show QUEUE information
$ pfctl -s label # show LABEL information
$ pfctl -s state # show contents of the STATE table
$ pfctl -s info # show statistics for state tables and packet normalization
$ pfctl -s all # show everything
#### Maintaining PF Tables ####
$ pfctl -t addvhosts -T # show show table addvhosts
$ pfctl -vvsTables # view global information about all tables
$ pfctl -t addvhosts -T add 192.168.1.50 # add entry to table addvhosts
$ pfctl -t addvhosts -T add 192.168.1.0/16 # add a network to table addvhosts
$ pfctl -t addvhosts -T delete 192.168.1.0/16 # delete nework from table addvhosts
$ pfctl -t addvhosts -T flush # remove all entries from table addvhosts
$ pfctl -t addvhosts -T kill # delete table addvhosts entirely
$ pfctl -t addvhosts -T replace -f /etc/addvhosts # reload table addvhosts on the fly
$ pfctl -t addvhosts -T test 192.168.1.40 # find ip address 192.168.1.40 in table addvhosts
$ pfctl -T load -f /etc/pf.conf # load a new table definition
$ pfctl -t addvhosts -T show -v # output stats for each ip address in table addvhosts
$ pfctl -t addvhosts -T zero # reset all counters for table addvhosts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment