---
categories: openbsd network firewall
title: HowToOpenBSD/PacketFilter
---

## Tips & Tricks

Check the configuration file (syntax only, nothing is loaded):

~~~
# pfctl -nf /etc/pf.conf
~~~

Reload the configuration:

~~~
# pfctl -f /etc/pf.conf
~~~

Watch the QoS queues in real time:

~~~
# systat queue
# pfctl -s queue -vv
~~~

View the logs:

~~~
# tcpdump -n -e -ttt -r /var/log/pflog
~~~

View the rotated (old) logs:

~~~
# zcat /var/log/pflog.0.gz | tcpdump -ne -ttt -r -
~~~

View the logs in real time:

~~~
# tcpdump -n -e -ttt -i pflog0
~~~

Show rule number 42 (the rule number printed in the pflog output):

~~~
# pfctl -sr -R42
~~~

List the states:

~~~
# pfctl -s states | less
~~~

Get the number of states:

~~~
# pfctl -si | grep curr
~~~

Flush the states:

~~~
# pfctl -F states
~~~

All the information PF holds:

~~~
# pfctl -sa | less
~~~

Table management:

~~~
# pfctl -t -T flush/kill/add/delete
~~~

## FAQ

### pfctl: warning: namespace collision with global table

Presumably the table has to be removed first, with:

~~~
# pfctl -t -T kill
~~~

### Timeout values

According to the man page:

~~~
set optimization environment
    Optimize state timeouts for one of the following network environments:

    aggressive    Aggressively expire connections. This can greatly reduce
                  the memory usage of the firewall at the cost of dropping
                  idle connections early.
    conservative  Extremely conservative settings. Avoid dropping legitimate
                  connections at the expense of greater memory utilization
                  (possibly much greater on a busy network) and slightly
                  increased processor utilization.
    high-latency  A high-latency environment (such as a satellite
                  connection).
    normal        A normal network environment. Suitable for almost all
                  networks.
    satellite     Alias for high-latency.
~~~

Aggressive

~~~
tcp.first          30s
tcp.opening        5s
tcp.established    18000s
tcp.closing        60s
tcp.finwait        30s
tcp.closed         30s
tcp.tsdiff         10s
udp.first          60s
udp.single         30s
udp.multiple       60s
icmp.first         20s
icmp.error         10s
other.first        60s
other.single       30s
other.multiple     60s
frag               60s
interval           10s
adaptive.start     6000 states
adaptive.end       12000 states
src.track          0s
~~~

Normal

~~~
tcp.first          120s
tcp.opening        30s
tcp.established    86400s
tcp.closing        900s
tcp.finwait        45s
tcp.closed         90s
tcp.tsdiff         30s
udp.first          60s
udp.single         30s
udp.multiple       60s
icmp.first         20s
icmp.error         10s
other.first        60s
other.single       30s
other.multiple     60s
frag               60s
interval           10s
adaptive.start     6000 states
adaptive.end       12000 states
src.track          0s
~~~

Satellite

~~~
tcp.first          180s
tcp.opening        35s
tcp.established    86400s
tcp.closing        905s
tcp.finwait        50s
tcp.closed         95s
tcp.tsdiff         60s
udp.first          60s
udp.single         30s
udp.multiple       60s
icmp.first         20s
icmp.error         10s
other.first        60s
other.single       30s
other.multiple     60s
frag               60s
interval           10s
adaptive.start     6000 states
adaptive.end       12000 states
src.track          0s
~~~
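The log-viewing tips above (`tcpdump -n -e -ttt` on pflog) and the `pfctl -sr -R<n>` lookup combine naturally into a small triage step: count blocked packets per rule number and per source host, then look up the busiest rule numbers with `pfctl -sr`. This is an added example, not part of the original page; it assumes the `rule N/(reason) action dir on iface: src > dst:` line shape that `tcpdump -e` prints for pflog, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed pflog line shape from `tcpdump -n -e -ttt`:
# "<delta> rule N/(match) block in on em0: SRC.PORT > DST.PORT: ..."
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\((?P<reason>\w+)\)\s+(?P<action>pass|block)\s+"
    r"(?P<dir>in|out)\s+on\s+(?P<iface>\S+):\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):"
)

def host_of(endpoint):
    # "10.0.0.5.54321" -> "10.0.0.5"; a bare IPv4 (e.g. ICMP, no port) is kept.
    parts = endpoint.split(".")
    return ".".join(parts[:4]) if len(parts) == 5 else endpoint

def parse_pflog_line(line):
    """Return a dict for one pflog/tcpdump line, or None if it does not match."""
    m = PFLOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["src_host"] = host_of(rec["src"])
    return rec

def summarize_blocks(lines):
    """Count blocked packets per rule number and per source host."""
    per_rule, per_src = Counter(), Counter()
    for line in lines:
        rec = parse_pflog_line(line)
        if rec and rec["action"] == "block":
            per_rule[rec["rule"]] += 1
            per_src[rec["src_host"]] += 1
    return per_rule, per_src

# Constructed sample output (documentation addresses, not real traffic).
SAMPLE = """\
00:00:00.000000 rule 42/(match) block in on em0: 203.0.113.7.51234 > 192.0.2.10.22: S 1:1(0) win 65535
00:00:01.204512 rule 42/(match) block in on em0: 203.0.113.7.51235 > 192.0.2.10.22: S 2:2(0) win 65535
00:00:00.003003 rule 3/(match) pass in on em0: 198.51.100.4.40000 > 192.0.2.10.443: S 9:9(0) win 65535
00:00:02.112000 rule 17/(match) block in on em0: 203.0.113.9 > 192.0.2.10: icmp: echo request
00:00:00.000500 rule 42/(match) block in on em0: 203.0.113.9.60000 > 192.0.2.10.23: S 5:5(0) win 1024
"""

if __name__ == "__main__":
    per_rule, per_src = summarize_blocks(SAMPLE.splitlines())
    for rule, n in per_rule.most_common():
        print(f"rule {rule}: {n} blocked  (inspect with: pfctl -sr -R{rule})")
    for host, n in per_src.most_common():
        print(f"{host}: {n} blocked")
```

On a live box, feed it `tcpdump -n -e -ttt -r /var/log/pflog` output on stdin instead of `SAMPLE`.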