1*b252313fSGleb Smirnoff.\" Copyright (c) 2019 Gleb Smirnoff <glebius@FreeBSD.org> 2*b252313fSGleb Smirnoff.\" 3*b252313fSGleb Smirnoff.\" Redistribution and use in source and binary forms, with or without 4*b252313fSGleb Smirnoff.\" modification, are permitted provided that the following conditions 5*b252313fSGleb Smirnoff.\" are met: 6*b252313fSGleb Smirnoff.\" 1. Redistributions of source code must retain the above copyright 7*b252313fSGleb Smirnoff.\" notice, this list of conditions and the following disclaimer. 8*b252313fSGleb Smirnoff.\" 2. Redistributions in binary form must reproduce the above copyright 9*b252313fSGleb Smirnoff.\" notice, this list of conditions and the following disclaimer in the 10*b252313fSGleb Smirnoff.\" documentation and/or other materials provided with the distribution. 11*b252313fSGleb Smirnoff.\" 12*b252313fSGleb Smirnoff.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 13*b252313fSGleb Smirnoff.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 14*b252313fSGleb Smirnoff.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 15*b252313fSGleb Smirnoff.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 16*b252313fSGleb Smirnoff.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 17*b252313fSGleb Smirnoff.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 18*b252313fSGleb Smirnoff.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 19*b252313fSGleb Smirnoff.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 20*b252313fSGleb Smirnoff.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 21*b252313fSGleb Smirnoff.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 22*b252313fSGleb Smirnoff.\" SUCH DAMAGE. 23*b252313fSGleb Smirnoff.\" 24*b252313fSGleb Smirnoff.Dd January 28, 2019 25*b252313fSGleb Smirnoff.Dt PFILCTL 8 26*b252313fSGleb Smirnoff.Os 27*b252313fSGleb Smirnoff.Sh NAME 28*b252313fSGleb Smirnoff.Nm pfilctl 29*b252313fSGleb Smirnoff.Nd pfil(9) control utility 30*b252313fSGleb Smirnoff.Sh SYNOPSIS 31*b252313fSGleb Smirnoff.Nm 32*b252313fSGleb Smirnoff.Cm heads 33*b252313fSGleb Smirnoff.Nm 34*b252313fSGleb Smirnoff.Cm hooks 35*b252313fSGleb Smirnoff.Nm 36*b252313fSGleb Smirnoff.Cm link 37*b252313fSGleb Smirnoff.Aq Fl i | Fl o 38*b252313fSGleb Smirnoff.Op Fl a 39*b252313fSGleb Smirnoff.Ar hook Ar head 40*b252313fSGleb Smirnoff.Nm 41*b252313fSGleb Smirnoff.Cm unlink 42*b252313fSGleb Smirnoff.Aq Fl i | Fl o 43*b252313fSGleb Smirnoff.Ar hook Ar head 44*b252313fSGleb Smirnoff.Sh DESCRIPTION 45*b252313fSGleb SmirnoffThe 46*b252313fSGleb Smirnoff.Nm 47*b252313fSGleb Smirnoffutility is intended to view and change configuration of the 48*b252313fSGleb Smirnoff.Xr pfil 9 49*b252313fSGleb Smirnoffpacket filtering hooks and filters on them. 50*b252313fSGleb Smirnoff.Sh COMMANDS 51*b252313fSGleb Smirnoff.Bl -tag -width "unlink" 52*b252313fSGleb Smirnoff.It Cm heads 53*b252313fSGleb SmirnoffList available packet filtering points. 54*b252313fSGleb Smirnoff.It Cm hooks 55*b252313fSGleb SmirnoffList available packet filters. 56*b252313fSGleb Smirnoff.It Xo 57*b252313fSGleb Smirnoff.Cm link 58*b252313fSGleb Smirnoff.Aq Fl i | Fl o 59*b252313fSGleb Smirnoff.Op Fl a 60*b252313fSGleb Smirnoff.Ar hook Ar head 61*b252313fSGleb Smirnoff.Xc 62*b252313fSGleb SmirnoffLink 63*b252313fSGleb Smirnoff.Ar hook 64*b252313fSGleb Smirnoffto 65*b252313fSGleb Smirnoff.Ar head . 66*b252313fSGleb SmirnoffWith the 67*b252313fSGleb Smirnoff.Fl i 68*b252313fSGleb Smirnoffflag the hook will be connected as input and with 69*b252313fSGleb Smirnoff.Fl o 70*b252313fSGleb Smirnoffas output hook. 71*b252313fSGleb SmirnoffAt least one of 72*b252313fSGleb Smirnoff.Fl i 73*b252313fSGleb Smirnoffor 74*b252313fSGleb Smirnoff.Fl o 75*b252313fSGleb Smirnoffis required. 76*b252313fSGleb SmirnoffBy default 77*b252313fSGleb Smirnoff.Nm 78*b252313fSGleb Smirnoffwill prepend the hook in front of other hooks if any present: 79*b252313fSGleb Smirnoffnew hook will be as close to the wire as possible, so that on input 80*b252313fSGleb Smirnoffit will be the first filter and on output it will be the last. 81*b252313fSGleb SmirnoffAdding the 82*b252313fSGleb Smirnoff.Fl a 83*b252313fSGleb Smirnoffflag switches to appending new hook instead of prepending. 84*b252313fSGleb Smirnoff.It Xo 85*b252313fSGleb Smirnoff.Cm unlink 86*b252313fSGleb Smirnoff.Aq Fl i | Fl o 87*b252313fSGleb Smirnoff.Ar hook Ar head 88*b252313fSGleb Smirnoff.Xc 89*b252313fSGleb SmirnoffUnlink 90*b252313fSGleb Smirnoff.Ar hook 91*b252313fSGleb Smirnoffon 92*b252313fSGleb Smirnoff.Ar head . 93*b252313fSGleb SmirnoffAt least one of 94*b252313fSGleb Smirnoff.Fl i 95*b252313fSGleb Smirnoffor 96*b252313fSGleb Smirnoff.Fl o 97*b252313fSGleb Smirnoffis required. 98*b252313fSGleb SmirnoffWith the 99*b252313fSGleb Smirnoff.Fl i 100*b252313fSGleb Smirnoffflag the hook will be removed from the input list of hooks 101*b252313fSGleb Smirnoffand with 102*b252313fSGleb Smirnoff.Fl o 103*b252313fSGleb Smirnoffon output list. 104*b252313fSGleb Smirnoff.El 105*b252313fSGleb Smirnoff.Sh SEE ALSO 106*b252313fSGleb Smirnoff.Xr ipfilter 4 , 107*b252313fSGleb Smirnoff.Xr ipfw 4 , 108*b252313fSGleb Smirnoff.Xr pf 4 , 109*b252313fSGleb Smirnoff.Xr pfil 9 110*b252313fSGleb Smirnoff.Sh AUTHORS 111*b252313fSGleb Smirnoff.An -nosplit 112*b252313fSGleb SmirnoffThe 113*b252313fSGleb Smirnoff.Nm 114*b252313fSGleb Smirnoffutility was written by 115*b252313fSGleb Smirnoff.An Gleb Smirnoff Aq Mt glebius@FreeBSD.org . 116