"ipfw count" equivalent for pf

Paul Schmehl pauls at utdallas.edu
Fri Dec 17 11:26:56 PST 2004


--On Friday, December 17, 2004 01:29:09 PM -0500 Louis LeBlanc 
<FreeBSD at keyslapper.org> wrote:
>
> Control
> After boot, PF operation can be managed using the pfctl(8) program. Some
> example commands are:
>
>      # pfctl -f /etc/pf.conf     loads the pf.conf file
>      # pfctl -nf /etc/pf.conf    parse the file, but don't load it
>      # pfctl -Nf /etc/pf.conf    Load only the NAT rules from the file
>      # pfctl -Rf /etc/pf.conf    Load only the filter rules from the file
>
>      # pfctl -sn                 Show the current NAT rules
>      # pfctl -sr                 Show the current filter rules
>      # pfctl -ss                 Show the current state table
>      # pfctl -si                 Show filter stats and counters
>      # pfctl -sa                 Show EVERYTHING it can show
>
> For a complete list of commands, please see the pfctl(8) man page.
> --------
>
> HTH.  It certainly seems like changing nat and firewall rules on the fly
> is easier with pf.  As I read and played with it, it seemed to be much
> easier, particularly when using tables and lists.
>
I'm curious what you think is easier about the above than:

ipfw show  (same as ipfw -a list)
ipfw -d list (show dynamic rules)
ipfw -S list (show the set each rule belongs to)
ipfw add 00400 allow blah
ipfw delete 00400
ipfw disable firewall
ipfw enable firewall
ipfw set disable (num)
ipfw set enable (num)

Etc., etc.

With ipfw you can add or delete rules on the fly as well.  I do it 
regularly.

If you want to reset counters to zero, use ipfw zero rulenum.  If you want 
to reset the log to zero, use ipfw resetlog rulenum.  (Or you can reset an 
entire set.)

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
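The counter side of this thread (reading hit counts out of `ipfw show` and out of pf's verbose rule listing, and getting a "since last time" figure without `ipfw zero`), as an added example that is not part of the original post and not code from either firewall. The sample listings are constructed by hand, not captured from a host, and the `[ Evaluations: ... Packets: ... Bytes: ... ]` line assumed after each `pfctl -vsr` rule is taken from pfctl's verbose output layout; rule indexes for pf are simply counted from 1 in listing order.

```shell
#!/bin/sh
# Added example, not part of the original thread. Pulls per-rule hit counters
# out of `ipfw show` and `pfctl -vsr` output into one "id packets bytes" shape,
# and computes counter deltas between two `ipfw show` snapshots as an
# alternative to `ipfw zero` when you would rather not reset the live counters.
# The sample outputs below are constructed by hand, not captured from a host;
# the pfctl line layout "[ Evaluations: N Packets: N Bytes: N States: N ]"
# that follows each rule is assumed from pfctl's verbose rule listing.

# ipfw show prints "<rule> <packets> <bytes> <rule body>" per line.
# Read that on stdin and print "rule packets bytes" for rules that have
# matched at least $1 packets (default 1), i.e. the rules actually doing work.
ipfw_hits() {
    awk -v min="${1:-1}" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $2 + 0 >= min { print $1, $2, $3 }'
}

# pfctl -vsr prints each rule on one unindented line, followed by an indented
# "[ Evaluations: ... Packets: ... Bytes: ... ]" counter line. Read that on
# stdin and print "index packets bytes", numbering rules from 1 in order.
pf_hits() {
    awk -v min="${1:-1}" '
        /^[^ \t]/ { idx++; next }          # a rule line
        /Packets:/ {                        # its counter line
            for (i = 1; i <= NF; i++) {
                if ($i == "Packets:") p = $(i + 1)
                if ($i == "Bytes:")   b = $(i + 1)
            }
            if (p + 0 >= min) print idx, p, b
        }'
}

# Difference in packet counts between an earlier ($1) and a later ($2) saved
# `ipfw show` listing, keyed by rule number. Rules that matched nothing in
# between are omitted. Same information as "ipfw zero; wait; ipfw show",
# but without touching the kernel's counters.
hits_delta() {
    awk '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            if (NR == FNR) { before[$1] = $2; next }
            d = $2 - (($1 in before) ? before[$1] : 0)
            if (d > 0) print $1, d
        }' "$1" "$2"
}

# Constructed sample listings (not real captures).
ipfw_sample_before() {
    cat <<'EOF'
00100   4512  3214890 allow ip from any to any via lo0
00200      0        0 deny ip from any to 127.0.0.0/8
00300   1203    98760 deny tcp from any to me dst-port 23
65535 210033 99887766 allow ip from any to any
EOF
}

ipfw_sample_after() {
    cat <<'EOF'
00100   4600  3300000 allow ip from any to any via lo0
00200      2      120 deny ip from any to 127.0.0.0/8
00300   1203    98760 deny tcp from any to me dst-port 23
65535 210500 99900000 allow ip from any to any
EOF
}

pf_sample() {
    cat <<'EOF'
pass in quick on em0 proto tcp from any to any port = ssh flags S/SA keep state
  [ Evaluations: 820       Packets: 41        Bytes: 5120        States: 1     ]
block drop in on em0 from <badhosts> to any
  [ Evaluations: 820       Packets: 0         Bytes: 0           States: 0     ]
pass out on em0 all flags S/SA keep state
  [ Evaluations: 3310      Packets: 3009      Bytes: 2110400     States: 12    ]
EOF
}

# Demo: on a real host replace the sample functions with `ipfw show` and
# `pfctl -vsr` (both need root).
before=$(mktemp) && after=$(mktemp)
ipfw_sample_before > "$before"
ipfw_sample_after  > "$after"
echo "ipfw rules with hits:";  ipfw_hits 1 < "$before"
echo "pf rules with hits:";    pf_sample | pf_hits 1
echo "ipfw packets since first snapshot:"; hits_delta "$before" "$after"
rm -f "$before" "$after"
```

On a live box, `ipfw show > /var/tmp/fw.1`, wait, `ipfw show > /var/tmp/fw.2`, then `hits_delta /var/tmp/fw.1 /var/tmp/fw.2` gives the per-rule traffic for that window while leaving the cumulative counters intact for anything else (monitoring, reports) that reads them.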

