Lines Matching +full:state +full:- +full:labels
35 .Bk -words
109 .Bl -tag -width Ds
150 .Bd -literal -offset indent
151 # pfctl -a "authpf/smith(1234)" -s rules
158 .Bd -literal -offset indent
159 # pfctl -a foo/bar -t mytable -T add 1.2.3.4 5.6.7.8
180 .Bd -literal -offset indent
181 # pfctl -a 'authpf/*' -sr
187 .Bd -literal -offset indent
188 # pfctl -a '*' -sr
194 .Bd -literal -offset indent
195 # pfctl -a '*' -Fa
215 .Bl -tag -width xxxxxxxxx -compact
225 Flush the state table (NAT and filter).
286 Kill all of the state entries matching the specified
296 For example, to kill all of the state entries originating from
299 .Dl # pfctl -k host
305 option may be specified, which will kill all the state entries
307 To kill all of the state entries from
312 .Dl # pfctl -k host1 -k host2
316 .Dl # pfctl -k 192.168.1.0/24 -k 172.16.0.0/16
322 .Dl # pfctl -k 0.0.0.0/0 -k host2
324 It is also possible to kill states by rule label, state key or state ID.
333 .Dl # pfctl -k label -k foobar
335 To kill one specific state by its key
337 of pfctl -s state),
340 modifier and as a second argument the state key.
341 To kill a state whose protocol is TCP and originating from
344 .Dl # pfctl -k key -k 'tcp 10.0.0.1:80 <- 10.0.0.101:32123'
346 To kill one specific state by its unique state ID
347 (as shown by pfctl -s state -vv),
350 modifier and as a second argument the state ID and optional creator ID.
351 To kill a state with ID 4823e84500000003 use:
353 .Dl # pfctl -k id -k 4823e84500000003
355 To kill a state with ID 4823e84500000018 created from a backup
358 .Dl # pfctl -k id -k 4823e84500000018/2
360 It is also possible to kill states created from a rule with the route-to/reply-to
362 Note that rules routing via the default routing table (not via a route-to
366 .Dl # pfctl -k gateway -k 192.168.0.1
371 .Dl # pfctl -k gateway -k 192.168.0.0/24
373 States can also be killed based on their pre-NAT address:
375 .Dl # pfctl -k nat -k 192.168.0.1
380 This applies to states killed using the -k option and also will apply to the
385 .Dl # pfctl -M -i interface -Fs
391 .Bd -literal -offset indent
392 # echo "set loginterface fxp0" | pfctl -mf -
405 .Bl -tag -width xxxxxxxxx -compact
441 .Bl -tag -width xxxxxxxxxxx -compact
448 per-queue statistics are also shown.
458 the per-rule statistics (number of evaluations,
464 the per-rule statistics (number of evaluations,
477 Packets passed statefully are counted in the rule that created the state
492 Show the contents of the state table.
499 source tracking statistics, the firewall's 32-bit hostid number and the
504 Show the running status and provide a non-zero exit status when disabled.
505 .It Cm labels
506 Show per-rule statistics (label, evaluations, packets total, bytes total,
507 packets in, bytes in, packets out, bytes out, state creations) of
508 filter rules with labels, useful for accounting.
536 .Bl -tag -width xxxxxxxxxxxxxx -compact
539 .It bad-offset
549 .It bad-timestamp
553 .It ip-option
555 .It proto-cksum
557 .It state-mismatch
558 packet was associated with a state entry, but sequence numbers did not match
559 .It state-insert
560 state insertion failure
561 .It state-limit
562 configured state limit was reached
563 .It src-limit
567 .It map-failed
582 .Bl -tag -width "expire number" -compact
609 Clear statistics only for addresses with non-zero statistics. Addresses
619 .Bd -literal -offset indent
620 # pfctl -Tl -f pf.conf
647 .Bl -tag -width XXX -compact
680 .Bd -literal -offset indent
682 pass out to <test>\en" | pfctl -f-
683 # ping -qc10 ftp.openbsd.org
693 .Bd -literal -offset indent
694 # pfctl -t test -vTshow
713 .Bd -literal -offset indent
714 # pfctl -vvsTables
715 --a-r-C test
728 As we can see here, only one packet \- the initial ping request \- matched the
729 table, but all packets passing as the result of the state are correctly
749 .Bl -tag -width XXX -compact
776 This flag is set when per-address counters are enabled on the table.
789 .Bl -tag -width xxxxxxxxxxxx -compact
800 Clear per-rule statistics.
803 .Bl -tag -width "/etc/pf.conf" -compact
817 .Xr ftp-proxy 8 ,