Q. How do I view active connections with PF firewall under FreeBSD / OpenBSD UNIX operating system?
A. You need to use pftop command which displays the active packetfilter states and rules, and periodically updates this information. It provides a “top” like view of the PF state table.
Install pftop
pftop can be installed from the FreeBSD / OpenBSD ports collection, or downloaded from the pftop website. Under FreeBSD type the following command to update ports and install the latest version:
# portsnap fetch update
# cd /usr/ports/sysutils/pftop
# make install clean
Start pftop
pftop displays source and destination IP addresses, TCP and UDP port numbers, packets and bytes transmitted, the age of a connection, and the time left until a connection will be removed from the state table:
# pftop
Sample output:
To exit press q. Following commands are currently recognized:
| c | Enable disable state caching (enabled by default). |
| f | Set the state filter expression. |
| h,? | Display a summary of the commands (help screen). |
| n | Set number of lines to display. |
| o | Select next sorting Order. |
| p | Pause/resume display updates. |
| q | Quit pftop. |
| r | Reverse current sorting order. |
| s | Set display update interval in Seconds. |
| v | Select next View. |
| 0-7 | Select one of the views directly. |
| Cursor | Scroll display (up/down), and switch views (left/right). Most of the emacs/mg motion keys work as well. |
| SPACE | Update display immediately. |
| CTRL-L | Refresh display. |
| CTRL-G | Clear command entry line. |
Further readings:
- man page pftop, pf and pfctl
1 comment
Thank You,
This saved me a night!