
PF, quick reference guide

From FreeBSDwiki

Revision as of 10:36, 5 December 2015

PF is divided into the sections:

  • Macros - Variables are defined in this section. This simplifies changing hardware, and makes it easier to reuse a long list of arguments as a single variable. IP addresses are not set here, but in the next section.
  • Tables - Variables for IP addresses are defined here. Tables can also be populated by the "overload" argument of rules in the filter section.
  • Options - Option lines start with "set".
  • Scrub - Scrub packets
  • Queueing -
  • Translation - NAT translation settings
  • Filter rules - Here is where rules are set up. PF evaluates filter rules so that the last matching rule takes effect over the rules before it.

Filter rules

Syntax

[action] [direction] log quick on $interface [af] proto $protocol from $ip port $port to $ip port $port flags $tcpflags [state] ([state options])

  • action - block, pass
  • direction - in, out
  • log - log, log (all)
  • interface - network interface
  • af - inet, inet6
  • proto - tcp, udp, sctp, icmp6; see /etc/protocols
  • port - see /etc/services. Can be a number or a name.

Some arguments are optional, depending on circumstances.
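
The section order and rule syntax above, put together as a small ruleset. This is an added example, not part of the original wiki page; the interface names (em0, em1), the table name <bruteforce> and the connection limits are assumptions chosen for illustration.

```conf
# Constructed example pf.conf; interface names and limits are assumptions.

# --- Macros: variables, no IP addresses here ---
ext_if = "em0"    # external interface (assumed name)
int_if = "em1"    # internal interface (assumed name)

# --- Tables: address lists; this one is filled by "overload" below ---
table <bruteforce> persist

# --- Options: every line starts with "set" ---
set skip on lo0
set block-policy drop
set loginterface $ext_if

# --- Scrub ---
scrub in all

# --- Translation ---
nat on $ext_if inet from $int_if:network to any -> ($ext_if)

# --- Filter rules: the last matching rule wins ---
# Default deny. Packets that also match a later pass rule are passed.
block in log all
pass out all keep state

# "quick" ends evaluation at this rule for matching packets, so the
# pass rules further down can never re-admit an address in the table.
block in log quick on $ext_if from <bruteforce> to any

# Web traffic to the firewall's external address.
pass in on $ext_if inet proto tcp from any to ($ext_if) port www \
    flags S/SA keep state

# SSH with state options: a source that exceeds the limits is added to
# <bruteforce> and its existing states are flushed.
pass in log on $ext_if inet proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)
```

Running pfctl -nf on the file parses the ruleset and reports syntax errors without loading it.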

References
