Q. How do I view active connections with PF firewall under FreeBSD / OpenBSD UNIX operating system?
A. You need to use pftop command which displays the active packetfilter states and rules, and periodically updates this information. It provides a “top” like view of the PF state table.
Install pftop
pftop can be installed from the FreeBSD / OpenBSD ports collection, or downloaded from the pftop website. Under FreeBSD type the following command to update ports and install the latest version:
# portsnap fetch update
# cd /usr/ports/sysutils/pftop
# make install clean
Start pftop
pftop displays source and destination IP addresses, TCP and UDP port numbers, packets and bytes transmitted, the age of a connection, and the time left until a connection will be removed from the state table:
# pftop
Sample output:
Fig.01: pftop in action (click to enlarge)
To exit press q. Following commands are currently recognized:
| c | Enable disable state caching (enabled by default). |
| f | Set the state filter expression. |
| h,? | Display a summary of the commands (help screen). |
| n | Set number of lines to display. |
| o | Select next sorting Order. |
| p | Pause/resume display updates. |
| q | Quit pftop. |
| r | Reverse current sorting order. |
| s | Set display update interval in Seconds. |
| v | Select next View. |
| 0-7 | Select one of the views directly. |
| Cursor | Scroll display (up/down), and switch views (left/right). Most of the emacs/mg motion keys work as well. |
| SPACE | Update display immediately. |
| CTRL-L | Refresh display. |
| CTRL-G | Clear command entry line. |
Further readings:
- man page pftop, pf and pfctl
🐧 1 comment so far... add one ↓
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Thank You,
This saved me a night!