PF, quick reference guide
From FreeBSDwiki
Revision as of 09:36, 5 December 2015
PF is divided into the sections:
- Macros - Variables are defined in this section. This simplifies changing hardware, and makes it easier to pass a long list of arguments as a single variable. IP addresses are not set here, but in the next section.
- Tables - Variables holding IP addresses are defined here. A table can also be filled by the "overload" argument of rules in the filter section.
- Options - Option lines start with "set".
- Scrub - Scrub packets
- Queueing -
- Translation - NAT translation settings
- Filter rules - This is where rules are set up. PF evaluates filter rules in order, and the last matching rule takes effect over the rules before it.
Filter rules
Syntax
[action] [direction] log quick on $interface [af] proto $protocol from $ip port $port to $ip port $port flags $tcpflags [state] ([state options])
- action - block, pass
- direction - in, out
- log - log, log (all)
- interface - network interface
- af - inet, inet6
- proto - tcp, udp, sctp, icmp6; see /etc/protocols
- port - see /etc/services. Can be a number or a service name.
Some arguments are optional, depending on circumstances.
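The sections and the rule syntax above, put together in a minimal pf.conf. This is an added example, not part of the original wiki page; the interface name em0, the table names and the 192.0.2.0/24 range are assumptions chosen for illustration.

```conf
# /etc/pf.conf - constructed example; interface, tables and addresses are assumptions

# Macros
ext_if = "em0"                    # assumed external interface
tcp_services = "{ ssh, www }"     # named ports, see /etc/services

# Tables
table <trusted> persist { 192.0.2.0/24 }   # documentation-range addresses
table <bruteforce> persist                 # filled by "overload" in the filter rules

# Options
set skip on lo0
set block-policy drop

# Scrub
scrub in on $ext_if all

# Queueing and Translation: not used in this example

# Filter rules
# Default deny. Because the last matching rule wins, any later "pass"
# that matches the same packet overrides this line.
block in log on $ext_if all

# "quick" ends evaluation at this rule, so the pass rules below can never
# re-admit an address that has been placed in <bruteforce>.
block in quick on $ext_if from <bruteforce>

# Trusted sources may reach both services.
pass in on $ext_if inet proto tcp from <trusted> to ($ext_if) \
    port $tcp_services flags S/SA keep state

# Anyone may reach ssh, but a source opening more than 5 connections in
# 30 seconds is added to <bruteforce> and its existing states are flushed.
# For ssh from <trusted>, this later rule is the one that takes effect.
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port ssh flags S/SA keep state \
    (max-src-conn-rate 5/30, overload <bruteforce> flush global)

# Outbound traffic is allowed and tracked.
pass out on $ext_if all keep state
```

The file can be syntax-checked without loading it by running pfctl -nf /etc/pf.conf.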