Rules in anchor

Daniel Hartmeier daniel at
Thu Jun 8 18:43:52 UTC 2006

On Thu, Jun 08, 2006 at 03:42:47PM +0400, Dmitry Andrianov wrote:

> root at host # pfctl -s Anchors
>   ftpsesame
> root at host # pfctl -a ftpsesame -s rules
> root at host #

It creates sub-anchors within that anchor (with the process pid and a
connection id as part of the name), and the rules are inserted there.

The reason for that is that it's simpler to flush an entire (sub)anchor
than removing one specific (of potentially multiple) rules in just one

Try pfctl -vs Anchors, it lists anchor and sub-anchors recursively. Then
pfctl -a ftpsesame/sub.anchor -s rules.
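
Added example (not part of the original message and not ftpsesame's own code): a shell helper that walks every sub-anchor below a parent anchor and prints its rules, automating the two commands above. It assumes `pfctl -vs Anchors` prints one indented anchor path per line; the `PFCTL` variable and the function names are hypothetical.

```shell
# Added example. PFCTL may be overridden (e.g. with a stub) so the
# helpers can be exercised on a machine without pf.
PFCTL="${PFCTL:-pfctl}"

# list_subanchors PARENT
# Print every anchor path nested below PARENT, one per line.
# Assumption: `pfctl -vs Anchors` lists anchors and sub-anchors
# recursively as full paths, each line indented with whitespace.
list_subanchors() {
    parent="$1"
    $PFCTL -vs Anchors |
        sed 's/^[[:space:]]*//' |
        awk -v p="$parent/" 'index($0, p) == 1'
}

# dump_anchor_rules PARENT
# Show the rules loaded in PARENT itself and in each sub-anchor.
# An empty section means that anchor holds no rules of its own,
# which is what the quoted session shows for the top-level anchor.
dump_anchor_rules() {
    parent="$1"
    { printf '%s\n' "$parent"; list_subanchors "$parent"; } |
    while IFS= read -r anchor; do
        printf '== anchor %s ==\n' "$anchor"
        $PFCTL -a "$anchor" -s rules
    done
}

# Usage (as root on a host running pf):
#   dump_anchor_rules ftpsesame
```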

