Using pfctl
Previously we set up pf (packet filter) on our FreeBSD 6 server.
The pfctl command controls pf. Some examples are:
disable pf:
pfctl -d
enable pf:
pfctl -e
To load the complete ruleset (options, tables, NAT and filter rules) from a particular conf file, for example /etc/pf.rules:
pfctl -f /etc/pf.rules
The -R flag loads only the filter rules from the file and ignores everything else in it (options, NAT rules and so on):
pfctl -Rf /etc/pf.rules
To check a rules file for syntax errors without loading anything:
pfctl -n -f /etc/pf.rules
To show the current filter rules:
pfctl -s rules
To show pf status and statistics (whether it is enabled, plus packet and state counters):
pfctl -s info
Some applications update firewall rules on the fly, for example Portsentry and scripts that detect brute-force login attempts. With pf this is done through a table rather than by rewriting rules: declare it in the rules file with the persist flag, table <badguys> persist, so the kernel keeps it even while no rule refers to it, and block traffic from it with a rule such as block in quick from <badguys>. Entries can then be added and removed with pfctl while the ruleset stays loaded. To add 11.12.13.14/30 to the table, for example:
pfctl -t badguys -T add 11.12.13.14/30
To list the current contents of the table:
pfctl -t badguys -T show
To clear all entries from the table:
pfctl -t badguys -T flush
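As an added example of the kind of script described above (not code from the original page), the following scans OpenSSH failed-login lines, picks out source hosts that exceed a failure threshold, skips an admin host so we never lock ourselves out, and feeds the rest to pfctl -t badguys -T add. The log lines are constructed for the example; THRESHOLD, NEVER_BLOCK and PFCTL are this script's own names, and setting PFCTL=echo shows the commands it would run without touching the firewall.

```shell
#!/bin/sh
# Added example, not part of the original page: block hosts that repeatedly
# fail SSH password authentication by adding them to pf table <badguys>.
# Assumes the OpenSSH "Failed password for ... from A.B.C.D port N ssh2" log
# format, and that /etc/pf.rules declares  table <badguys> persist  and has a
# rule blocking traffic from it.

PFCTL="${PFCTL:-pfctl}"                    # set PFCTL=echo for a dry run
TABLE="${TABLE:-badguys}"
THRESHOLD="${THRESHOLD:-3}"                # failures before a host is added
NEVER_BLOCK="${NEVER_BLOCK:-192.0.2.10}"   # our own admin host(s), space separated (assumed)

# Constructed sample log lines standing in for /var/log/auth.log:
# 203.0.113.7 fails 3 times (blocked), 198.51.100.20 twice (below threshold),
# 192.0.2.10 fails 3 times but is our admin host (never blocked).
SAMPLE_LOG='Mar  3 10:01:02 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:05 gw sshd[1203]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 10:01:09 gw sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Mar  3 10:02:11 gw sshd[1210]: Failed password for root from 198.51.100.20 port 51000 ssh2
Mar  3 10:02:30 gw sshd[1211]: Failed password for alice from 192.0.2.10 port 55001 ssh2
Mar  3 10:02:33 gw sshd[1212]: Failed password for alice from 192.0.2.10 port 55002 ssh2
Mar  3 10:02:36 gw sshd[1213]: Failed password for alice from 192.0.2.10 port 55003 ssh2
Mar  3 10:02:40 gw sshd[1214]: Accepted publickey for alice from 192.0.2.10 port 55012 ssh2
Mar  3 10:03:01 gw sshd[1216]: Failed password for invalid user oracle from 198.51.100.20 port 51020 ssh2'

# offenders THRESHOLD: read log lines on stdin and print each source address
# with at least THRESHOLD failed password attempts, one per line, sorted.
# Addresses listed in NEVER_BLOCK are skipped.
offenders() {
    awk -v t="${1:-$THRESHOLD}" -v skip=" $NEVER_BLOCK " '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the source address is the field right after "from"
            for (i = 1; i < NF; i++)
                if ($i == "from") { n[$(i+1)]++; break }
        }
        END {
            for (ip in n)
                if (n[ip] >= t && index(skip, " " ip " ") == 0) print ip
        }
    ' | sort
}

# block_offenders THRESHOLD: add every offender found on stdin to the table.
# Each address is added with its own pfctl call; a failing call stops the
# run with a non-zero status instead of silently continuing.
block_offenders() {
    for ip in $(offenders "$1"); do
        "$PFCTL" -t "$TABLE" -T add "$ip" || return 1
    done
}

# Stand-alone use:  sh block_bruteforce.sh /var/log/auth.log
# With no file argument, dry-run against the constructed sample instead.
if [ $# -eq 0 ]; then
    PFCTL=echo
    printf '%s\n' "$SAMPLE_LOG" | block_offenders "$THRESHOLD"
else
    cat -- "$@" | block_offenders "$THRESHOLD"
fi
```

Run it from cron or tail the log into it; because the table is declared persist and referenced by a block rule, the added addresses take effect immediately and survive a later pfctl -f reload. The NEVER_BLOCK exclusion is the check most such scripts forget: a few mistyped passwords from your own workstation would otherwise lock you out of the box.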

