Lines Matching +full:send +full:- +full:flush +full:- +full:out +full:- +full:sequence
24 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 .Bk -words
109 .Bl -tag -width Ds
132 characters, similar to how file system hierarchies are laid out.
150 .Bd -literal -offset indent
151 # pfctl -a "authpf/smith(1234)" -s rules
158 .Bd -literal -offset indent
159 # pfctl -a foo/bar -t mytable -T add 1.2.3.4 5.6.7.8
180 .Bd -literal -offset indent
181 # pfctl -a 'authpf/*' -sr
187 .Bd -literal -offset indent
188 # pfctl -a '*' -sr
191 To flush all rulesets and tables recursively, specify only
194 .Bd -literal -offset indent
195 # pfctl -a '*' -Fa
211 Flush the filter parameters specified by
215 .Bl -tag -width xxxxxxxxx -compact
217 Flush the NAT rules.
219 Flush the queue rules.
221 Flush the Ethernet filter rules.
223 Flush the filter rules.
225 Flush the state table (NAT and filter).
227 Flush the source tracking table.
229 Flush the filter information (statistics that are not bound to rules).
231 Flush the tables.
233 Flush the passive operating system fingerprints.
240 Flush all of the above.
254 flush the given anchor recursively.
299 .Dl # pfctl -k host
312 .Dl # pfctl -k host1 -k host2
316 .Dl # pfctl -k 192.168.1.0/24 -k 172.16.0.0/16
322 .Dl # pfctl -k 0.0.0.0/0 -k host2
333 .Dl # pfctl -k label -k foobar
337 of pfctl -s state),
344 .Dl # pfctl -k key -k 'tcp 10.0.0.1:80 <- 10.0.0.101:32123'
347 (as shown by pfctl -s state -vv),
353 .Dl # pfctl -k id -k 4823e84500000003
358 .Dl # pfctl -k id -k 4823e84500000018/2
360 It is also possible to kill states created from a rule with the route-to/reply-to
362 Note that rules routing via the default routing table (not via a route-to
366 .Dl # pfctl -k gateway -k 192.168.0.1
371 .Dl # pfctl -k gateway -k 192.168.0.0/24
373 States can also be killed based on their pre-NAT address:
375 .Dl # pfctl -k nat -k 192.168.0.1
380 This applies to states killed using the -k option and also will apply to the
381 flush command when flushing states.
385 .Dl # pfctl -M -i interface -Fs
391 .Bd -literal -offset indent
392 # echo "set loginterface fxp0" | pfctl -mf -
405 .Bl -tag -width xxxxxxxxx -compact
441 .Bl -tag -width xxxxxxxxxxx -compact
448 per-queue statistics are also shown.
458 the per-rule statistics (number of evaluations,
464 the per-rule statistics (number of evaluations,
499 source tracking statistics, the firewall's 32-bit hostid number and the
504 Show the running status and provide a non-zero exit status when disabled.
506 Show per-rule statistics (label, evaluations, packets total, bytes total,
507 packets in, bytes in, packets out, bytes out, state creations) of
536 .Bl -tag -width xxxxxxxxxxxxxx -compact
539 .It bad-offset
549 .It bad-timestamp
553 .It ip-option
555 .It proto-cksum
557 .It state-mismatch
558 packet was associated with a state entry, but sequence numbers did not match
559 .It state-insert
561 .It state-limit
563 .It src-limit
567 .It map-failed
582 .Bl -tag -width "expire number" -compact
595 .It Cm flush
596 Flush all addresses in a table.
609 Clear statistics only for addresses with non-zero statistics. Addresses
619 .Bd -literal -offset indent
620 # pfctl -Tl -f pf.conf
647 .Bl -tag -width XXX -compact
678 The following commands configure the firewall and send 10 pings to the FTP
680 .Bd -literal -offset indent
682 pass out to <test>\en" | pfctl -f-
683 # ping -qc10 ftp.openbsd.org
693 .Bd -literal -offset indent
694 # pfctl -t test -vTshow
699 Out/Block: [ Packets: 0 Bytes: 0 ]
700 Out/Pass: [ Packets: 10 Bytes: 840 ]
713 .Bd -literal -offset indent
714 # pfctl -vvsTables
715 --a-r-C test
723 Out/Block: [ Packets: 0 Bytes: 0 ]
724 Out/Pass: [ Packets: 10 Bytes: 840 ]
725 Out/XPass: [ Packets: 0 Bytes: 0 ]
728 As we can see here, only one packet \- the initial ping request \- matched the
749 .Bl -tag -width XXX -compact
776 This flag is set when per-address counters are enabled on the table.
789 .Bl -tag -width xxxxxxxxxxxx -compact
800 Clear per-rule statistics.
803 .Bl -tag -width "/etc/pf.conf" -compact
817 .Xr ftp-proxy 8 ,