Q. How do I view active connections with PF firewall under FreeBSD / OpenBSD UNIX operating system?
A. You need to use pftop command which displays the active packetfilter states and rules, and periodically updates this information. It provides a “top” like view of the PF state table.
Install pftop
pftop can be installed from the FreeBSD / OpenBSD ports collection, or downloaded from the pftop website. Under FreeBSD type the following command to update ports and install the latest version:
# portsnap fetch update
# cd /usr/ports/sysutils/pftop
# make install clean
Start pftop
pftop displays source and destination IP addresses, TCP and UDP port numbers, packets and bytes transmitted, the age of a connection, and the time left until a connection will be removed from the state table:
# pftop
Sample output:
To exit press q. Following commands are currently recognized:
c | Enable disable state caching (enabled by default). |
f | Set the state filter expression. |
h,? | Display a summary of the commands (help screen). |
n | Set number of lines to display. |
o | Select next sorting Order. |
p | Pause/resume display updates. |
q | Quit pftop. |
r | Reverse current sorting order. |
s | Set display update interval in Seconds. |
v | Select next View. |
0-7 | Select one of the views directly. |
Cursor | Scroll display (up/down), and switch views (left/right). Most of the emacs/mg motion keys work as well. |
SPACE | Update display immediately. |
CTRL-L | Refresh display. |
CTRL-G | Clear command entry line. |
Further readings:
- man page pftop, pf and pfctl
🐧 1 comment so far... add one ↓
Category | List of Unix and Linux commands |
---|---|
File Management | cat |
Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
Network Utilities | dig • host • ip • nmap |
OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
Package Manager | apk • apt |
Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
Searching | grep • whereis • which |
User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Thank You,
This saved me a night!