BSD PF Firewall: Displays Active Packetfilter States And Rules

Q. How do I view active connections with PF firewall under FreeBSD / OpenBSD UNIX operating system?

A. You need to use pftop command which displays the active packetfilter states and rules, and periodically updates this information. It provides a “top” like view of the PF state table.

Install pftop

pftop can be installed from the FreeBSD / OpenBSD ports collection, or downloaded from the pftop website. Under FreeBSD type the following command to update ports and install the latest version:
# portsnap fetch update
# cd /usr/ports/sysutils/pftop
# make install clean

Start pftop

pftop displays source and destination IP addresses, TCP and UDP port numbers, packets and bytes transmitted, the age of a connection, and the time left until a connection will be removed from the state table:
# pftop
Sample output:

Fig.01: pftop in action (click to enlarge)

To exit press q. Following commands are currently recognized:

c Enable disable state caching (enabled by default).
f Set the state filter expression.
h,? Display a summary of the commands (help screen).
n Set number of lines to display.
o Select next sorting Order.
p Pause/resume display updates.
q Quit pftop.
r Reverse current sorting order.
s Set display update interval in Seconds.
v Select next View.
0-7 Select one of the views directly.
Cursor Scroll display (up/down), and switch views (left/right). Most of the emacs/mg motion keys work as well.
SPACE Update display immediately.
CTRL-L Refresh display.
CTRL-G Clear command entry line.

Further readings:

  • man page pftop, pf and pfctl

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 1 comment so far... add one

CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
1 comment… add one
  • Danos Sep 4, 2013 @ 16:33

    Thank You,

    This saved me a night!

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Problem posting comment? Email me @