share/man/man5/pf.conf.5
Show All 22 Lines | |||||
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | ||||
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||||
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | ||||
.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN | ||||
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||||
.\" POSSIBILITY OF SUCH DAMAGE. | .\" POSSIBILITY OF SUCH DAMAGE. | ||||
.\" | .\" | ||||
.Dd December 7, 2019 | .Dd April 9, 2021 | ||||
.Dt PF.CONF 5 | .Dt PF.CONF 5 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm pf.conf | .Nm pf.conf | ||||
.Nd packet filter configuration file | .Nd packet filter configuration file | ||||
.Sh DESCRIPTION | .Sh DESCRIPTION | ||||
The | The | ||||
.Xr pf 4 | .Xr pf 4 | ||||
▲ Show 20 Lines • Show All 1,762 Lines • ▼ Show 20 Lines | pass in inet proto tcp from any to 1.2.3.4 \e | ||||
port \*(Gt 1023 label \&"1.2.3.4:\*(Gt1023\&" | port \*(Gt 1023 label \&"1.2.3.4:\*(Gt1023\&" | ||||
pass in inet proto tcp from any to 1.2.3.5 \e | pass in inet proto tcp from any to 1.2.3.5 \e | ||||
port \*(Gt 1023 label \&"1.2.3.5:\*(Gt1023\&" | port \*(Gt 1023 label \&"1.2.3.5:\*(Gt1023\&" | ||||
.Ed | .Ed | ||||
.Pp | .Pp | ||||
The macro expansion for the | The macro expansion for the | ||||
.Ar label | .Ar label | ||||
directive occurs only at configuration file parse time, not during runtime. | directive occurs only at configuration file parse time, not during runtime. | ||||
.It Ar schedule Aq Ar string | |||||
Adds a schedule label (name) to the rule, which can be used to identify and | |||||
terminate states created by matching rules, | |||||
using | |||||
.Bd -literal -offset indent | |||||
# pfctl -y string | |||||
.Ed | |||||
.It Xo Ar queue Aq Ar queue | .It Xo Ar queue Aq Ar queue | ||||
.No \*(Ba ( Aq Ar queue , | .No \*(Ba ( Aq Ar queue , | ||||
.Aq Ar queue ) | .Aq Ar queue ) | ||||
.Xc | .Xc | ||||
Packets matching this rule will be assigned to the specified queue. | Packets matching this rule will be assigned to the specified queue. | ||||
If two queues are given, packets which have a | If two queues are given, packets which have a | ||||
.Em TOS | .Em TOS | ||||
of | of | ||||
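Review bot: The new `schedule` item documents the option only by pointing at `# pfctl -y string`, with no `.Xr pfctl 8` cross-reference and no statement of how a schedule label differs from the `label` option described immediately above it. Suggest adding the cross-reference, marking the command's argument as the same label given in the rule rather than the bare word `string`, and saying whether the parse-time macro expansion described for `label` also applies to `schedule`. Because the command terminates established states, the text should also say whether the match is on the exact label string, so an operator knows which connections a given label will drop.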
▲ Show 20 Lines • Show All 1,062 Lines • ▼ Show 20 Lines | |||||
filteropt-list = filteropt-list filteropt | filteropt | filteropt-list = filteropt-list filteropt | filteropt | ||||
filteropt = user | group | flags | icmp-type | icmp6-type | "tos" tos | | filteropt = user | group | flags | icmp-type | icmp6-type | "tos" tos | | ||||
( "no" | "keep" | "modulate" | "synproxy" ) "state" | ( "no" | "keep" | "modulate" | "synproxy" ) "state" | ||||
[ "(" state-opts ")" ] | | [ "(" state-opts ")" ] | | ||||
"fragment" | "no-df" | "min-ttl" number | "set-tos" tos | | "fragment" | "no-df" | "min-ttl" number | "set-tos" tos | | ||||
"max-mss" number | "random-id" | "reassemble tcp" | | "max-mss" number | "random-id" | "reassemble tcp" | | ||||
fragmentation | "allow-opts" | | fragmentation | "allow-opts" | | ||||
"label" string | "tag" string | [ ! ] "tagged" string | | "label" string | "tag" string | [ ! ] "tagged" string | | ||||
"set prio" ( number | "(" number [ [ "," ] number ] ")" ) | | "schedule" string | "set prio" ( number | "(" number [ [ "," ] | ||||
"queue" ( string | "(" string [ [ "," ] string ] ")" ) | | number ] ")" ) | "queue" ( string | "(" string [ [ "," ] | ||||
"rtable" number | "probability" number"%" | "prio" number | string ] ")" ) | "rtable" number | "probability" number"%" | | ||||
"prio" number | |||||
nat-rule = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | nat-rule = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | ||||
[ "on" ifspec ] [ af ] | [ "on" ifspec ] [ af ] | ||||
[ protospec ] hosts [ "tag" string ] [ "tagged" string ] | [ protospec ] hosts [ "tag" string ] [ "tagged" string ] | ||||
[ "-\*(Gt" ( redirhost | "{" redirhost-list "}" ) | [ "-\*(Gt" ( redirhost | "{" redirhost-list "}" ) | ||||
[ portspec ] [ pooltype ] [ "static-port" ] ] | [ portspec ] [ pooltype ] [ "static-port" ] ] | ||||
binat-rule = [ "no" ] "binat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | binat-rule = [ "no" ] "binat" [ "pass" [ "log" [ "(" logopts ")" ] ] ] | ||||
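Review bot: In the `filteropt` production, placing `"schedule" string |` in front of `"set prio"` re-wraps the next three lines, so `"(" number [ [ "," ]` and `number ] ")" )` are now split in the middle of a bracketed group, and the `queue` alternative is split the same way. Put `"schedule" string |` on a line of its own, or at the end of the `"label" string | "tag" string | ...` line if it fits, so the `set prio` and `queue` alternatives stay on single lines and the change to the grammar is a one-line addition. The added alternative itself matches the new `.It Ar schedule Aq Ar string` item.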
▲ Show 20 Lines • Show All 191 Lines • Show Last 20 Lines |