xref: /freebsd/sbin/pfilctl/pfilctl.8 (revision e5b786625f7f82a1fa91e41823332459ea5550f9)
1.\" Copyright (c) 2019 Gleb Smirnoff <glebius@FreeBSD.org>
2.\"
3.\" Redistribution and use in source and binary forms, with or without
4.\" modification, are permitted provided that the following conditions
5.\" are met:
6.\" 1. Redistributions of source code must retain the above copyright
7.\"    notice, this list of conditions and the following disclaimer.
8.\" 2. Redistributions in binary form must reproduce the above copyright
9.\"    notice, this list of conditions and the following disclaimer in the
10.\"    documentation and/or other materials provided with the distribution.
11.\"
12.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
13.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
16.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
18.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
19.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
20.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
21.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
22.\" SUCH DAMAGE.
23.\"
24.Dd January 28, 2019
25.Dt PFILCTL 8
26.Os
27.Sh NAME
28.Nm pfilctl
29.Nd pfil(9) control utility
30.Sh SYNOPSIS
31.Nm
32.Cm heads
33.Nm
34.Cm hooks
35.Nm
36.Cm link
37.Aq Fl i | Fl o
38.Op Fl a
39.Ar hook Ar head
40.Nm
41.Cm unlink
42.Aq Fl i | Fl o
43.Ar hook Ar head
44.Sh DESCRIPTION
45The
46.Nm
47utility is intended to view and change configuration of the
48.Xr pfil 9
49packet filtering hooks and filters on them.
50.Sh COMMANDS
51.Bl -tag -width "unlink"
52.It Cm heads
53List available packet filtering points.
54.It Cm hooks
55List available packet filters.
56.It Xo
57.Cm link
58.Aq Fl i | Fl o
59.Op Fl a
60.Ar hook Ar head
61.Xc
62Link
63.Ar hook
64to
65.Ar head .
66With the
67.Fl i
68flag the hook will be connected as input and with
69.Fl o
70as output hook.
71At least one of
72.Fl i
73or
74.Fl o
75is required.
76By default
77.Nm
78will prepend the hook in front of other hooks if any present:
79new hook will be as close to the wire as possible, so that on input
80it will be the first filter and on output it will be the last.
81Adding the
82.Fl a
83flag switches to appending new hook instead of prepending.
84.It Xo
85.Cm unlink
86.Aq Fl i | Fl o
87.Ar hook Ar head
88.Xc
89Unlink
90.Ar hook
91on
92.Ar head .
93At least one of
94.Fl i
95or
96.Fl o
97is required.
98With the
99.Fl i
100flag the hook will be removed from the input list of hooks
101and with
102.Fl o
103on output list.
104.El
105.Sh SEE ALSO
106.Xr ipfilter 4 ,
107.Xr ipfw 4 ,
108.Xr pf 4 ,
109.Xr pfil 9
110.Sh AUTHORS
111.An -nosplit
112The
113.Nm
114utility was written by
115.An Gleb Smirnoff Aq Mt glebius@FreeBSD.org .
116