Lines Matching +full:c +full:- +full:states

3 .\" Copyright (c) 2001 Kjell Wooding.  All rights reserved.
35 .Bk -words
109 .Bl -tag -width Ds
149 .Bd -literal -offset indent
150 # pfctl -a "authpf/smith(1234)" -s rules
157 .Bd -literal -offset indent
158 # pfctl -a foo/bar -t mytable -T add 1.2.3.4 5.6.7.8
164 This is similar to C rules for variable scope.
179 .Bd -literal -offset indent
180 # pfctl -a 'authpf/*' -sr
186 .Bd -literal -offset indent
187 # pfctl -a '*' -sr
193 .Bd -literal -offset indent
194 # pfctl -a '*' -Fa
214 .Bl -tag -width xxxxxxxxxxxx -compact
223 .It Fl F Cm states
298 .Dl # pfctl -k host
311 .Dl # pfctl -k host1 -k host2
313 To kill all states originating from 192.168.1.0/24 to 172.16.0.0/16:
315 .Dl # pfctl -k 192.168.1.0/24 -k 172.16.0.0/16
318 To kill all states with the target
321 .Dl # pfctl -k 0.0.0.0/0 -k host2
323 It is also possible to kill states by rule label, state key or state ID.
328 The following command would kill all states that have been created
332 .Dl # pfctl -k label -k foobar
336 of pfctl -s state),
343 .Dl # pfctl -k key -k 'tcp 10.0.0.1:80 <- 10.0.0.101:32123'
346 (as shown by pfctl -s state -vv),
352 .Dl # pfctl -k id -k 4823e84500000003
357 .Dl # pfctl -k id -k 4823e84500000018/2
359 It is also possible to kill states created from a rule with the route-to/reply-to
361 Note that rules routing via the default routing table (not via a route-to
363 To kill all states using a gateway of 192.168.0.1 use:
365 .Dl # pfctl -k gateway -k 192.168.0.1
368 To kill all states using a gateway in 192.168.0.0/24:
370 .Dl # pfctl -k gateway -k 192.168.0.0/24
372 States can also be killed based on their pre-NAT address:
374 .Dl # pfctl -k nat -k 192.168.0.1
377 Kill matching states in the opposite direction (on other interfaces) when
378 killing states.
379 This applies to states killed using the -k option and also will apply to the
380 flush command when flushing states.
381 This is useful when an interface is specified when flushing states.
384 .Dl # pfctl -M -i interface -Fs
390 .Bd -literal -offset indent
391 # echo "set loginterface fxp0" | pfctl -mf -
404 .Bl -tag -width xxxxxxxxxxxx -compact
429 Perform reverse DNS lookups on states and tables when displaying them.
439 .Bl -tag -width xxxxxxxxxxxxx -compact
446 per-queue statistics are also shown.
456 the per-rule statistics (number of evaluations,
462 the per-rule statistics (number of evaluations,
482 .It Fl s Cm states
490 source tracking statistics, the firewall's 32-bit hostid number and the
495 Show the running status and provide a non-zero exit status when disabled.
497 Show per-rule statistics (label, evaluations, packets total, bytes total,
527 .Bl -tag -width xxxxxxxxxxxxxx -compact
530 .It bad-offset
540 .It bad-timestamp
544 .It ip-option
546 .It proto-cksum
548 .It state-mismatch
550 .It state-insert
552 .It state-limit
554 .It src-limit
558 .It map-failed
572 .Bl -tag -width xxxxxxxxxxxx -compact
599 Clear statistics only for addresses with non-zero statistics. Addresses
609 .Bd -literal -offset indent
610 # pfctl -Tl -f pf.conf
637 .Bl -tag -width XXX -compact
640 .It C
670 .Bd -literal -offset indent
672     pass out to <test>\en" | pfctl -f-
673 # ping -qc10 ftp.openbsd.org
683 .Bd -literal -offset indent
684 # pfctl -t test -vTshow
703 .Bd -literal -offset indent
704 # pfctl -vvsTables
705 --a-r-C test
718 As we can see here, only one packet \- the initial ping request \- matched the
739 .Bl -tag -width XXX -compact
740 .It c
765 .It C
766 This flag is set when per-address counters are enabled on the table.
781 .Bl -tag -width xxxxxxxxxxxx -compact
792 Clear per-rule statistics.
795 .Bl -tag -width "/etc/pf.conf" -compact
809 .Xr ftp-proxy 8 ,