You need to use the pfctl command, which communicates with the packet filter. It allows ruleset and parameter configuration and retrieval of status information from the packet filter. The syntax to list the loaded ruleset is:
pfctl -sr
Rules loaded into an anchor are not shown by the main listing (only the anchor "name" line is); pass the anchor name with -a, or the '*' wildcard to recurse into all anchors:
pfctl -a '*' -sr
How do I see the current firewall rules?
# pfctl -sr
Sample outputs:
pass all flags S/SA
block drop in on vr0 inet proto tcp from any to ! 202.54.1.2 port = 3306
block drop in on vr0 inet proto tcp from any to ! 202.54.1.10 port = 3306
block drop in on vr0 inet proto tcp from any to ! 202.54.1.15 port = 3306
block drop in on ! lo0 proto tcp from any to any port 6000:6010
How do I see the current firewall state table?
# pfctl -ss
Sample outputs:
all udp 255.255.255.255:17500 <- 192.168.1.104:17500 NO_TRAFFIC:SINGLE
all udp 192.168.1.255:17500 <- 192.168.1.104:17500 NO_TRAFFIC:SINGLE
How do I see filter stats and counters?
# pfctl -si
Sample outputs:
You can also use the following command to see EVERYTHING:
# pfctl -sa
# pfctl -sa |more
# pfctl -sa |less
# pfctl -sa |grep something
Sample outputs:
FILTER RULES:
pass all flags S/SA
block drop in on vr0 inet proto tcp from any to ! 202.54.1.2 port = 3306
block drop in on vr0 inet proto tcp from any to ! 202.54.1.10 port = 3306
block drop in on vr0 inet proto tcp from any to ! 202.54.1.15 port = 3306
block drop in on ! lo0 proto tcp from any to any port 6000:6010

No queue in use

STATES:
all udp 192.168.1.255:17500 <- 192.168.1.104:17500 NO_TRAFFIC:SINGLE
all tcp 192.168.1.20:22 <- 192.168.1.5:56534 FIN_WAIT_2:FIN_WAIT_2
all udp 255.255.255.255:17500 <- 192.168.1.104:17500 NO_TRAFFIC:SINGLE
all tcp 192.168.1.20:22 <- 192.168.1.5:56535 ESTABLISHED:ESTABLISHED

INFO:
Status: Enabled for 0 days 00:12:07   Debug: err

State Table                        Total       Rate
  current entries                      4
  searches                           335       0.5/s
  inserts                             13       0.0/s
  removals                             9       0.0/s
Counters
  match                               13       0.0/s
  bad-offset                           0       0.0/s
  fragment                             0       0.0/s
  short                                0       0.0/s
  normalize                            0       0.0/s
  memory                               0       0.0/s
  bad-timestamp                        0       0.0/s
  congestion                           0       0.0/s
  ip-option                            0       0.0/s
  proto-cksum                          0       0.0/s
  state-mismatch                       0       0.0/s
  state-insert                         0       0.0/s
  state-limit                          0       0.0/s
  src-limit                            0       0.0/s
  synproxy                             0       0.0/s

TIMEOUTS:
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
adaptive.start             6000 states
adaptive.end              12000 states
src.track                     0s

LIMITS:
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   200000

OS FINGERPRINTS:
700 fingerprints loaded
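As an added example that is not part of the original article, here is a small POSIX shell script that turns the pfctl -ss state listing and the pfctl -si counters shown above into a simple health check: which address has opened the most states, and how close the state table is to its "states hard limit" (the LIMITS value above, passed in as an argument). The two *_sample variables are constructed text in the same layout as the article's output; on a live firewall you would feed it "$(pfctl -ss)" and "$(pfctl -si)" instead.

```shell
#!/bin/sh
# Added example (not from the original article). Parses pfctl -ss / -si
# style text; the *_sample variables below are constructed, not captured.

states_sample='all udp 192.168.1.255:17500 <- 192.168.1.104:17500 NO_TRAFFIC:SINGLE
all tcp 192.168.1.20:22 <- 192.168.1.5:56534 FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.1.20:22 <- 192.168.1.5:56535 ESTABLISHED:ESTABLISHED
all tcp 192.168.1.20:22 <- 192.168.1.5:56536 ESTABLISHED:ESTABLISHED
all tcp 192.168.1.20:44321 -> 203.0.113.9:443 ESTABLISHED:ESTABLISHED'

info_sample='Status: Enabled for 0 days 00:12:07   Debug: err
State Table                        Total       Rate
  current entries                   9200
  searches                           335       0.5/s'

# busiest_initiator STATES: IPv4 address that opened the most states, as
# "addr count". "<-" is inbound (initiator on the right), "->" outbound.
busiest_initiator() {
  printf '%s\n' "$1" | awk '
    $4 == "<-" { split($5, a, ":"); n[a[1]]++ }
    $4 == "->" { split($3, a, ":"); n[a[1]]++ }
    END { for (h in n) if (n[h] > best) { best = n[h]; who = h }
          if (who != "") print who, best }'
}

# state_entries INFO: current number of entries in the state table
state_entries() {
  printf '%s\n' "$1" | awk '/current entries/ { print $3; exit }'
}

# state_usage_pct INFO LIMIT: integer percent of the states hard limit in
# use; fails (no output) when the count or the limit is unusable
state_usage_pct() {
  cur=$(state_entries "$1")
  [ -n "$cur" ] && [ "$2" -gt 0 ] 2>/dev/null || return 1
  echo $(( cur * 100 / $2 ))
}

# check_states INFO LIMIT: OK below 80 %, WARN from 80 %, CRIT from 95 %
check_states() {
  pct=$(state_usage_pct "$1" "$2") || { echo UNKNOWN; return 3; }
  if [ "$pct" -ge 95 ]; then echo CRIT; return 2; fi
  if [ "$pct" -ge 80 ]; then echo WARN; return 1; fi
  echo OK
}

busiest_initiator "$states_sample"              # 192.168.1.5 3
check_states "$info_sample" 10000 || true       # WARN (exit status 1)
```

The exit codes follow the usual monitoring convention (0 OK, 1 WARN, 2 CRIT, 3 UNKNOWN), so check_states can be dropped straight into a cron job or a Nagios-style check.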
References
- man pages: pfctl and pf
- PF tutorial