Lines Matching +full:en +full:- +full:host1
35 .Bk -words
109 .Bl -tag -width Ds
149 .Bd -literal -offset indent
150 # pfctl -a "authpf/smith(1234)" -s rules
157 .Bd -literal -offset indent
158 # pfctl -a foo/bar -t mytable -T add 1.2.3.4 5.6.7.8
179 .Bd -literal -offset indent
180 # pfctl -a 'authpf/*' -sr
186 .Bd -literal -offset indent
187 # pfctl -a '*' -sr
193 .Bd -literal -offset indent
194 # pfctl -a '*' -Fa
214 .Bl -tag -width xxxxxxxxxxxx -compact
298 .Dl # pfctl -k host
307 .Dq host1
311 .Dl # pfctl -k host1 -k host2
315 .Dl # pfctl -k 192.168.1.0/24 -k 172.16.0.0/16
321 .Dl # pfctl -k 0.0.0.0/0 -k host2
332 .Dl # pfctl -k label -k foobar
335 (protocol, host1, port1, direction, host2 and port2 in the same format
336 of pfctl -s state),
343 .Dl # pfctl -k key -k 'tcp 10.0.0.1:80 <- 10.0.0.101:32123'
346 (as shown by pfctl -s state -vv),
352 .Dl # pfctl -k id -k 4823e84500000003
357 .Dl # pfctl -k id -k 4823e84500000018/2
359 It is also possible to kill states created from a rule with the route-to/reply-to
361 Note that rules routing via the default routing table (not via a route-to
365 .Dl # pfctl -k gateway -k 192.168.0.1
370 .Dl # pfctl -k gateway -k 192.168.0.0/24
372 States can also be killed based on their pre-NAT address:
374 .Dl # pfctl -k nat -k 192.168.0.1
379 This applies to states killed using the -k option and also will apply to the
384 .Dl # pfctl -M -i interface -Fs
390 .Bd -literal -offset indent
391 # echo "set loginterface fxp0" | pfctl -mf -
404 .Bl -tag -width xxxxxxxxxxxx -compact
439 .Bl -tag -width xxxxxxxxxxxxx -compact
446 per-queue statistics are also shown.
456 the per-rule statistics (number of evaluations,
462 the per-rule statistics (number of evaluations,
469 (even though the rule is not evaluated more than once for the entire
490 source tracking statistics, the firewall's 32-bit hostid number and the
495 Show the running status and provide a non-zero exit status when disabled.
497 Show per-rule statistics (label, evaluations, packets total, bytes total,
527 .Bl -tag -width xxxxxxxxxxxxxx -compact
530 .It bad-offset
540 .It bad-timestamp
544 .It ip-option
546 .It proto-cksum
548 .It state-mismatch
550 .It state-insert
552 .It state-limit
554 .It src-limit
558 .It map-failed
572 .Bl -tag -width xxxxxxxxxxxx -compact
599 Clear statistics only for addresses with non-zero statistics. Addresses
609 .Bd -literal -offset indent
610 # pfctl -Tl -f pf.conf
637 .Bl -tag -width XXX -compact
670 .Bd -literal -offset indent
671 # printf "table <test> counters { ftp.openbsd.org }\en \e
672 pass out to <test>\en" | pfctl -f-
673 # ping -qc10 ftp.openbsd.org
683 .Bd -literal -offset indent
684 # pfctl -t test -vTshow
703 .Bd -literal -offset indent
704 # pfctl -vvsTables
705 --a-r-C test
718 As we can see here, only one packet \- the initial ping request \- matched the
739 .Bl -tag -width XXX -compact
766 This flag is set when per-address counters are enabled on the table.
781 .Bl -tag -width xxxxxxxxxxxx -compact
792 Clear per-rule statistics.
795 .Bl -tag -width "/etc/pf.conf" -compact
809 .Xr ftp-proxy 8 ,