Page MenuHomeFreeBSD
Differential D29780 Diff 87706 share/man/man5/pf.conf.5

Changeset View

Standalone View

View Options

share/man/man5/pf.conf.5

Show All 22 Lines
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE. .\" POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd December 7, 2019 .Dd April 19, 2021
.Dt PF.CONF 5 .Dt PF.CONF 5
.Os .Os
.Sh NAME .Sh NAME
.Nm pf.conf .Nm pf.conf
.Nd packet filter configuration file .Nd packet filter configuration file
.Sh DESCRIPTION .Sh DESCRIPTION
The The
.Xr pf 4 .Xr pf 4
▲ Show 20 LinesShow All 573 Lines▼ Show 20 Lines
Don't generate debug messages. Don't generate debug messages.
.It Ar urgent .It Ar urgent
Generate debug messages only for serious errors. Generate debug messages only for serious errors.
.It Ar misc .It Ar misc
Generate debug messages for various errors. Generate debug messages for various errors.
.It Ar loud .It Ar loud
Generate debug messages for common conditions. Generate debug messages for common conditions.
.El .El
.It Ar set keepcounters
Preserve rule counters across rule updates.
Usually rule counters are reset to zero on every update of the ruleset.
With
.Ar keepcounters
set pf will attempt to find matching rules between old and new rulesets
and preserve the rule counters.
.El .El
.Sh TRAFFIC NORMALIZATION .Sh TRAFFIC NORMALIZATION
Traffic normalization is used to sanitize packet content in such Traffic normalization is used to sanitize packet content in such
a way that there are no ambiguities in packet interpretation on a way that there are no ambiguities in packet interpretation on
the receiving side. the receiving side.
The normalizer does IP fragment reassembly to prevent attacks The normalizer does IP fragment reassembly to prevent attacks
that confuse intrusion detection systems by sending overlapping that confuse intrusion detection systems by sending overlapping
IP fragments. IP fragments.
▲ Show 20 LinesShow All 2,254 Lines▼ Show 20 Linesoption = "set" ( [ "timeout" ( timeout | "{" timeout-list "}" ) ] |
[ "limit" ( limit-item | "{" limit-list "}" ) ] | [ "limit" ( limit-item | "{" limit-list "}" ) ] |
[ "loginterface" ( interface-name | "none" ) ] | [ "loginterface" ( interface-name | "none" ) ] |
[ "block-policy" ( "drop" | "return" ) ] | [ "block-policy" ( "drop" | "return" ) ] |
[ "state-policy" ( "if-bound" | "floating" ) ] [ "state-policy" ( "if-bound" | "floating" ) ]
[ "state-defaults" state-opts ] [ "state-defaults" state-opts ]
[ "require-order" ( "yes" | "no" ) ] [ "require-order" ( "yes" | "no" ) ]
[ "fingerprints" filename ] | [ "fingerprints" filename ] |
[ "skip on" ifspec ] | [ "skip on" ifspec ] |
[ "debug" ( "none" | "urgent" | "misc" | "loud" ) ] ) [ "debug" ( "none" | "urgent" | "misc" | "loud" ) ]
[ "keepcounters" ] )
pf-rule = action [ ( "in" | "out" ) ] pf-rule = action [ ( "in" | "out" ) ]
[ "log" [ "(" logopts ")"] ] [ "quick" ] [ "log" [ "(" logopts ")"] ] [ "quick" ]
[ "on" ifspec ] [ route ] [ af ] [ protospec ] [ "on" ifspec ] [ route ] [ af ] [ protospec ]
hosts [ filteropt-list ] hosts [ filteropt-list ]
logopts = logopt [ "," logopts ] logopts = logopt [ "," logopts ]
logopt = "all" | "user" | "to" interface-name logopt = "all" | "user" | "to" interface-name
▲ Show 20 LinesShow All 212 LinesShow Last 20 Lines