2017-01-20 11:17:20 +01:00
|
|
|
|
---
|
|
|
|
|
categories: openbsd network firewall
|
|
|
|
|
title: HowToOpenBSD/PacketFilter
|
|
|
|
|
---
|
2016-12-29 11:25:39 +01:00
|
|
|
|
|
|
|
|
|
## Tips & Astuces
|
|
|
|
|
|
|
|
|
|
Vérifier la fichier de config :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# pfctl -nf /etc/pf.conf
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Recharger la configuration :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# pfctl -f /etc/pf.conf
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Voir la QoS en temps réel :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# systat queue
|
|
|
|
|
# pfctl -s queue -vv
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Voir les logs :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# tcpdump -n -e -ttt -r /var/log/pflog
|
|
|
|
|
~~~
|
|
|
|
|
|
2017-09-13 20:54:45 +02:00
|
|
|
|
Voir les vieux logs :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# zcat /var/log/pflog.0.gz |tcpdump -ne -ttt -r -
|
|
|
|
|
~~~
|
|
|
|
|
|
2016-12-29 11:25:39 +01:00
|
|
|
|
Voir les logs en temps réel :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# tcpdump -n -e -ttt -i pflog0
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Liste des états :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# pfctl -s states | less
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Flush des états :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# pfctl -F states
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Toutes les infos sur PF :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# pfctl -sa | less
|
|
|
|
|
~~~
|
2017-06-14 23:58:37 +02:00
|
|
|
|
|
|
|
|
|
Gestion des tables :
|
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# pfctl -t <table> -T flush/kill/add/delete
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
## FAQ
|
|
|
|
|
|
2017-06-20 21:55:40 +02:00
|
|
|
|
### pfctl: warning: namespace collision with \<table\> global table.
|
2017-06-14 23:58:37 +02:00
|
|
|
|
|
2017-09-13 20:53:44 +02:00
|
|
|
|
Il faut a priori effacer la table avec
|
2017-06-20 21:54:55 +02:00
|
|
|
|
|
|
|
|
|
~~~
|
|
|
|
|
# pfctl -t <table> -T kill
|
|
|
|
|
~~~
|