sbin/pfctl/pfctl.8
Show All 39 Lines | |||||
.Oo Fl D Ar macro Ns = | .Oo Fl D Ar macro Ns = | ||||
.Ar value Oc | .Ar value Oc | ||||
.Op Fl F Ar modifier | .Op Fl F Ar modifier | ||||
.Op Fl f Ar file | .Op Fl f Ar file | ||||
.Op Fl i Ar interface | .Op Fl i Ar interface | ||||
.Op Fl K Ar host | network | .Op Fl K Ar host | network | ||||
.Xo | .Xo | ||||
.Oo Fl k | .Oo Fl k | ||||
.Ar host | network | label | id | .Ar host | network | label | id | gateway | ||||
.Oc Xc | .Oc Xc | ||||
.Op Fl o Ar level | .Op Fl o Ar level | ||||
.Op Fl p Ar device | .Op Fl p Ar device | ||||
.Op Fl s Ar modifier | .Op Fl s Ar modifier | ||||
.Xo | .Xo | ||||
.Oo Fl t Ar table | .Oo Fl t Ar table | ||||
.Fl T Ar command | .Fl T Ar command | ||||
.Op Ar address ... | .Op Ar address ... | ||||
▲ Show 20 Lines • Show All 194 Lines • ▼ Show 20 Lines | |||||
A second | A second | ||||
.Fl K Ar host | .Fl K Ar host | ||||
or | or | ||||
.Fl K Ar network | .Fl K Ar network | ||||
option may be specified, which will kill all the source tracking | option may be specified, which will kill all the source tracking | ||||
entries from the first host/network to the second. | entries from the first host/network to the second. | ||||
.It Xo | .It Xo | ||||
.Fl k | .Fl k | ||||
.Ar host | network | label | id | .Ar host | network | label | id | gateway | ||||
.Xc | .Xc | ||||
Kill all of the state entries matching the specified | Kill all of the state entries matching the specified | ||||
.Ar host , | .Ar host , | ||||
.Ar network , | .Ar network , | ||||
.Ar label , | .Ar label , | ||||
.Ar id , | |||||
or | or | ||||
.Ar id . | .Ar gateway. | ||||
.Pp | .Pp | ||||
For example, to kill all of the state entries originating from | For example, to kill all of the state entries originating from | ||||
.Dq host : | .Dq host : | ||||
.Pp | .Pp | ||||
.Dl # pfctl -k host | .Dl # pfctl -k host | ||||
.Pp | .Pp | ||||
A second | A second | ||||
.Fl k Ar host | .Fl k Ar host | ||||
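Review bot: In the new ".Ar gateway." line the period is attached to the argument, so mdoc will treat it as part of the argument text rather than as closing punctuation; the line it replaces had ".Ar id ." with the period as a separate token. Suggest ".Ar gateway ." so the entry matches the other items in this list.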
Show All 37 Lines | |||||
To kill a state with ID 4823e84500000003 use: | To kill a state with ID 4823e84500000003 use: | ||||
.Pp | .Pp | ||||
.Dl # pfctl -k id -k 4823e84500000003 | .Dl # pfctl -k id -k 4823e84500000003 | ||||
.Pp | .Pp | ||||
To kill a state with ID 4823e84500000018 created from a backup | To kill a state with ID 4823e84500000018 created from a backup | ||||
firewall with hostid 00000002 use: | firewall with hostid 00000002 use: | ||||
.Pp | .Pp | ||||
.Dl # pfctl -k id -k 4823e84500000018/2 | .Dl # pfctl -k id -k 4823e84500000018/2 | ||||
.Pp | |||||
It is also possible to kill states created from a rule with the route-to/reply-to | |||||
parameter set to route the connection through a particular gateway. | |||||
Note that rules routing via the default routing table (not via a route-to | |||||
bcr: s/via a the/via the/ | |||||
rule) will have their rt_addr set as 0.0.0.0 or ::. | |||||
bcr: Line break after sentence stop necessary here.
To kill all states using a gateway of 192.168.0.1 use: | |||||
.Pp | |||||
.Dl # pfctl -k gateway -k 192.168.0.1 | |||||
.Pp | |||||
A network prefix length can also be specified. | |||||
To kill all states using a gateway in 192.168.0.0/24: | |||||
.Pp | |||||
.Dl # pfctl -k gateway -k 192.168.0.0/24 | |||||
.It Fl m | .It Fl m | ||||
Merge in explicitly given options without resetting those | Merge in explicitly given options without resetting those | ||||
which are omitted. | which are omitted. | ||||
Allows single options to be modified without disturbing the others: | Allows single options to be modified without disturbing the others: | ||||
.Bd -literal -offset indent | .Bd -literal -offset indent | ||||
# echo "set loginterface fxp0" | pfctl -mf - | # echo "set loginterface fxp0" | pfctl -mf - | ||||
.Ed | .Ed | ||||
.It Fl N | .It Fl N | ||||
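Review bot: The added sentence beginning "Note that rules routing via the default routing table" uses the internal name rt_addr, which the visible text never introduces, so a reader cannot tell that it is the gateway address matched by -k gateway. It also says that rules will have rt_addr set, while the option kills states; say which object carries the address. Suggest wording it in user terms, for example that such entries have a gateway of 0.0.0.0 or ::, and stating explicitly whether "pfctl -k gateway -k 0.0.0.0" is the intended way to select them, since an operator flushing states after a gateway change needs to know whether default-routed connections are affected.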
▲ Show 20 Lines • Show All 365 Lines • Show Last 20 Lines |