PF, quick reference guide

From FreeBSDwiki

Revision as of 10:36, 5 December 2015 by Sidetone (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

PF is divided into the sections:

Macros - Variables are defined in this section. This simplifies changing hardware, or makes it easier to list a lot of arguments as a variable. IP's are not set here, but instead in the next section.

Tables - Variables for IP's are defined here. This can be also set by the "overload" argument from rules in the filtering section.

Options - Options lines start with "set"

Scrub - Scrub packets

Queueing -

Translation - Nat translation settings

Filter rules - Here is where rules are set up. PF rules work where the last line takes effect over the lines before it.

Filter rules

Syntax

[action] [direction] log quick on $interface [af] proto $protocol from $ip port $port to $ip port $port flags $tcpflags [state] ([state options])

action - block, pass
direction - in, out
log - log, log (all)
interface - network interface
af - inet, inet6
proto - tcp, udp, sctp, icmp6; see /etc/protocols
port - see /etc/services. Can be a number or named.

Some arguments are optional, depending on circumstances.

References

PF: The OpenBSD Packet Filter
Firewalling with PF / Brannmur med PF
Network Administration with FreeBSD 7: Network Configuration - Firewalls
FreeBSD Documentation

Retrieved from "http://freebsdwiki.net/index.php?title=PF,_quick_reference_guide&oldid=16331"

Securing FreeBSD

Views

Personal tools

Log in

Search

Toolbox