Last active
November 29, 2023 22:10
-
-
Save johnbianchi/795cbec1aefb657906d7c0af623ae9bc to your computer and use it in GitHub Desktop.
pfctl cheat sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #### General PFCTL Commands #### | |
| $ pfctl -d disable # packet-filtering | |
| $ pfctl -e enable # packet-filtering | |
| $ pfctl -q # run quiet | |
| $ pfctl -v -v # run even more verbose | |
| #### Loading PF Rules #### | |
| $ pfctl -f /etc/pf.conf # load /etc/pf.conf | |
| $ pfctl -n -f /etc/pf.conf # parse /etc/pf.conf, but dont load it | |
| $ pfctl -R -f /etc/pf.conf # load only the FILTER rules | |
| $ pfctl -N -f /etc/pf.conf # load only the NAT rules | |
| $ pfctl -O -f /etc/pf.conf # load only the OPTION rules | |
| #### Clearing PF Rules & Counters #### | |
| $ pfctl -F all # flush ALL (note: flushing rules do not touch any existing stateful connections) | |
| $ pfctl -F rules # flush only the RULES | |
| $ pfctl -F queue # flush only queue’s | |
| $ pfctl -F nat # flush only NAT | |
| $ pfctl -F info # flush all stats that are not part of any rule. | |
| $ pfctl -z clear # all counters | |
| #### Output PF Information #### | |
| $ pfctl -s rules # show filter information | |
| $ pfctl -v -s rules # show filter information for what FILTER rules hit.. | |
| $ pfctl -vvsr # show filter information as above and prepend rule numbers | |
| $ pfctl -v -s nat # show NAT information, for which NAT rules hit.. | |
| $ pfctl -s nat -i xl1 # show NAT information for interface xl1 | |
| $ pfctl -s queue # show QUEUE information | |
| $ pfctl -s label # show LABEL information | |
| $ pfctl -s state # show contents of the STATE table | |
| $ pfctl -s info # show statistics for state tables and packet normalization | |
| $ pfctl -s all # show everything | |
| #### Maintaining PF Tables #### | |
| $ pfctl -t addvhosts -T # show show table addvhosts | |
| $ pfctl -vvsTables # view global information about all tables | |
| $ pfctl -t addvhosts -T add 192.168.1.50 # add entry to table addvhosts | |
| $ pfctl -t addvhosts -T add 192.168.1.0/16 # add a network to table addvhosts | |
| $ pfctl -t addvhosts -T delete 192.168.1.0/16 # delete nework from table addvhosts | |
| $ pfctl -t addvhosts -T flush # remove all entries from table addvhosts | |
| $ pfctl -t addvhosts -T kill # delete table addvhosts entirely | |
| $ pfctl -t addvhosts -T replace -f /etc/addvhosts # reload table addvhosts on the fly | |
| $ pfctl -t addvhosts -T test 192.168.1.40 # find ip address 192.168.1.40 in table addvhosts | |
| $ pfctl -T load -f /etc/pf.conf # load a new table definition | |
| $ pfctl -t addvhosts -T show -v # output stats for each ip address in table addvhosts | |
| $ pfctl -t addvhosts -T zero # reset all counters for table addvhosts |
Show all rules by line number:
pfctl -gsr | grep ^@
Show built-in tables, e.g. internal:network
pfctl -a _pf -t internal:network -T show
How to drop/ignore all RST packets received from a certain IP ?! 🤔
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
pfctl -vsA -- to show all anchors