pfctl.8 - OpenGrok cross reference for /freebsd/sbin/pfctl/pfctl.8

Lines Matching +full:only +full:- +full:1 +full:- +full:8 +full:v
1 .\" $OpenBSD: pfctl.8,v 1.138 2008/06/10 20:55:02 mcbride Exp $
8 .\" 1. Redistributions of source code must retain the above copyright
28 .Dt PFCTL 8
35 .Bk -words
93 .Xr rc 8
98 .Xr sysctl 8
103 to 1.
111 .Bl -tag -width Ds
113 Load only the queue rules present in the rule file.
121 only to the rules in the specified
148 .Xr authpf 8 ,
150 .Bd -literal -offset indent
151 # pfctl -a "authpf/smith(1234)" -s rules
158 .Bd -literal -offset indent
159 # pfctl -a foo/bar -t mytable -T add 1.2.3.4 5.6.7.8
170 By default, recursive inline printing of anchors applies only to unnamed
180 .Bd -literal -offset indent
181 # pfctl -a 'authpf/*' -sr
184 To print the main ruleset recursively, specify only
187 .Bd -literal -offset indent
188 # pfctl -a '*' -sr
208 .Bl -tag -width xxxxxxxxxxxx -compact
273 .Dl # pfctl -k host
286 .Dl # pfctl -k host1 -k host2
290 .Dl # pfctl -k 192.168.1.0/24 -k 172.16.0.0/16
296 .Dl # pfctl -k 0.0.0.0/0 -k host2
307 .Dl # pfctl -k label -k foobar
310 (as shown by pfctl -s state -vv),
316 .Dl # pfctl -k id -k 4823e84500000003
321 .Dl # pfctl -k id -k 4823e84500000018/2
323 It is also possible to kill states created from a rule with the route-to/reply-to
325 Note that rules routing via the default routing table (not via a route-to
329 .Dl # pfctl -k gateway -k 192.168.0.1
334 .Dl # pfctl -k gateway -k 192.168.0.0/24
336 States can also be killed based on their pre-NAT address:
338 .Dl # pfctl -k nat -k 192.168.0.1
343 This applies to states killed using the -k option and also will apply to the
348 .Dl # pfctl -M -i interface -Fs
354 .Bd -literal -offset indent
355 # echo "set loginterface fxp0" | pfctl -mf -
358 Load only the NAT rules present in the rule file.
363 Load only the options present in the rule file.
368 .Bl -tag -width xxxxxxxxxxxx -compact
388 Only print errors and warnings.
390 Load only the filter rules present in the rule file.
399 .Bl -tag -width xxxxxxxxxxxxx -compact
405 .Fl v ,
406 per-queue statistics are also shown.
408 .Fl v v ,
415 .Fl v ,
416 the per-rule statistics (number of evaluations,
421 .Fl v ,
422 the per-rule statistics (number of evaluations,
439 .Fl v
449 .Fl v ,
452 Show the running status and provide a non-zero exit status when disabled.
454 Show per-rule statistics (label, evaluations, packets total, bytes total,
468 .Fl v ,
485 .Bl -tag -width xxxxxxxxxxxx -compact
510 Clear all the statistics of a table, or only for specified addresses.
512 Clear statistics only for addresses with non-zero statistics. Addresses
517 Load only the table definitions from
522 .Bd -literal -offset indent
523 # pfctl -Tl -f pf.conf
543 .Fl v
550 .Bl -tag -width XXX -compact
561 operation only
574 .Fl v
583 .Bd -literal -offset indent
585     pass out to <test>\en" | pfctl -f-
586 # ping -qc10 ftp.openbsd.org
596 .Bd -literal -offset indent
597 # pfctl -t test -vTshow
608 .Fl v
616 .Bd -literal -offset indent
617 # pfctl -vvsTables
618 --a-r-C test
619     Addresses:   1
621     References:  [ Anchors: 0        Rules: 1        ]
622     Evaluations: [ NoMatch: 3496     Match: 1        ]
631 As we can see here, only one packet \- the initial ping request \- matched the
643 .Xr ping 8
647 .Fl v ,
649 will only display the first line containing the table flags and name.
652 .Bl -tag -width XXX -compact
664 only listed if the
671 This flag can only be witnessed briefly during the loading of
679 This flag is set when per-address counters are enabled on the table.
683 .It Fl v
686 .Fl v
694 .Bl -tag -width xxxxxxxxxxxx -compact
698 Generate debug messages only for serious errors.
705 Clear per-rule statistics.
708 .Bl -tag -width "/etc/pf.conf" -compact
721 .Xr authpf 8 ,
722 .Xr ftp-proxy 8 ,
723 .Xr rc 8 ,
724 .Xr sysctl 8