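# pf administration reference card.
# Each line below is a snippet to copy into an interactive root shell; the file
# is not meant to be run top to bottom as a script (doing so would reload the
# firewall and truncate the packet log).

# To update the pf.conf-test file, copy the ruleset to the clipboard,
# then use the following command, insert the new ruleset and save:
#   rm /etc/pf.conf-test ; vi /etc/pf.conf-test
# To check the syntax of the new pf.conf-test file without loading it, type:
pfctl -n -f /etc/pf.conf-test
# To load the updated pf.conf-test file into pf, type:
# (pfctl -f replaces the ruleset as a unit, so no "pfctl -F all" beforehand:
# flushing first drops every state and every table entry -- the bruteforce,
# badhosts and spamd-white tables included -- and can stall your own ssh
# session; and if the new file then fails to load, pf is left with an empty
# ruleset, which passes all traffic. The syntax check is repeated here so a
# broken file is never loaded.)
pfctl -n -f /etc/pf.conf-test && pfctl -f /etc/pf.conf-test
# To also drop the existing states after a reload (only when that is wanted), type:
pfctl -F states
# To clear the /var/log/pflog file and restart logging, type:
# (this discards the captured log; if it may be needed later for incident
# review, archive it first -- e.g. mv /var/log/pflog /var/log/pflog.old --
# and then send the HUP so pflogd reopens its output file)
: > /var/log/pflog ; kill -HUP "$(cat /var/run/pflogd.pid)"
# To view the current contents of the ssh bruteforce memory table, type:
pfctl -t bruteforce -T show
# To view the current contents of the badhosts memory table, type:
pfctl -t badhosts -T show
# To view the current contents of the badhosts memory table, with statistics, type:
pfctl -t badhosts -T show -v
# To reload the /etc/badhosts file into pf after updating the file, type:
pfctl -t badhosts -T replace -f /etc/badhosts
# To view addresses in the spamd-white table, type:
pfctl -t spamd-white -T show
# To load a new IP address into the spamd-white table, type
# (replace ip-address with the address to whitelist; -T add changes only the
# in-kernel table, so the entry is gone after a reboot and probably after a
# ruleset reload unless the table's definition or source file is updated too):
pfctl -t spamd-white -T add ip-address
# To view blocked egress packets, assuming your default block-out rule is
# "Rule 3" and logging is enabled, type (rule numbers shift whenever the
# ruleset is edited -- confirm the number with "pfctl -s rules -vv" first;
# piping avoids leaving a copy of the log under a predictable /tmp name):
tcpdump -n -e -ttt -r /var/log/pflog | grep 'rule 3/'
# Rules listing in debugging form, filtered to the @-prefixed lines:
pfctl -g -s rules | grep '^@'
# NAT rules (-s nat):
pfctl -sn
# Loaded filter rules (-s rules):
pfctl -sr
# Current state table (-s states):
pfctl -ss
# pf status and counters (-s info):
pfctl -si
# Everything at once (-s all):
pfctl -sa
# Rules with per-rule numbers and counters:
pfctl -s rules -vv
# Queue definitions with statistics:
pfctl -s queue -v
# pfsync protocol statistics:
netstat -s -ppfsync
# Same as "pfctl -v -s queue":
pfctl -vsq
# Defined tables with details:
pfctl -vs Tables
# Load Balancer
# Non-interactive (batch, -b) pftop dumps, 150 columns wide, one per view:
pftop -w 150 -a -b
pftop -w 150 -a -b -v long
pftop -w 150 -a -b -v queue
pftop -w 150 -a -b -v rules
pftop -w 150 -a -b -v size
pftop -w 150 -a -b -v speed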