---
categories: openbsd network firewall
title: HowToOpenBSD/PacketFilter
---

## Tips & Tricks

Check the config file:

~~~
# pfctl -nf /etc/pf.conf
~~~

Reload the configuration:

~~~
# pfctl -f /etc/pf.conf
~~~

Watch the QoS queues in real time:

~~~
# systat queue
# pfctl -s queue -vv
~~~

View the logs:

~~~
# tcpdump -n -e -ttt -r /var/log/pflog
~~~

View the old (rotated) logs:

~~~
# zcat /var/log/pflog.0.gz | tcpdump -ne -ttt -r -
~~~

Watch the logs in real time:

~~~
# tcpdump -n -e -ttt -i pflog0
~~~

Show rule number 42:

~~~
# pfctl -sr -R42
~~~

List the states:

~~~
# pfctl -s states | less
~~~

Get the number of states:

~~~
# pfctl -si | grep curr
~~~

Flush the states:

~~~
# pfctl -F states
~~~

All information about PF:

~~~
# pfctl -sa | less
~~~

Managing tables:

~~~
# pfctl -t <table> -T flush/kill/add/delete
~~~

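The `tcpdump -n -e -ttt -r /var/log/pflog` output above is what you grep through when hunting for a noisy source or a port that is being probed. The following Python is an added example, not part of the original page: it parses the `rule N/(reason) action dir on iface: src > dst:` part that `tcpdump -e` prints for pflog packets and counts blocked packets per (rule, source) and per destination port. It ignores whatever precedes `rule`, so the exact `-ttt` timestamp format does not matter, and it assumes top-level (numeric) rule numbers. The sample lines are constructed in that shape, with documentation addresses.

```python
import re
from collections import Counter

# Constructed sample lines in the shape tcpdump -n -e -ttt prints for pflog
# (documentation addresses only; not real log data).
SAMPLE_PFLOG = """\
Jan 07 10:02:14.392849 rule 2/(match) block in on em0: 203.0.113.9.51234 > 192.0.2.1.22: S 1:1(0) win 65535
Jan 07 10:02:14.401112 rule 2/(match) block in on em0: 203.0.113.9.51235 > 192.0.2.1.22: S 2:2(0) win 65535
Jan 07 10:02:15.000100 rule 5/(match) pass out on em0: 192.0.2.1.40000 > 198.51.100.7.443: S 3:3(0) win 16384
Jan 07 10:02:16.221000 rule 2/(match) block in on em0: 203.0.113.9.51236 > 192.0.2.1.3389: S 4:4(0) win 65535
Jan 07 10:02:17.000000 rule 0/(match) block in on em0: 203.0.113.44 > 192.0.2.1: icmp: echo request
Jan 07 10:02:18.000000 rule 7/(match) block in on em0: 2001:db8::bad.4000 > 2001:db8::1.22: S 5:5(0) win 1024
""".splitlines()

# Match the pflog header tcpdump -e prints; anything before "rule" (the
# -ttt timestamp) is skipped so the parser does not depend on its format.
# Assumption: top-level rules, i.e. a plain number after "rule".
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) (?P<action>pass|block|match) "
    r"(?P<dir>in|out) on (?P<iface>\S+): (?P<src>\S+) > (?P<dst>\S+):"
)


def split_host_port(endpoint):
    """tcpdump -n writes host.port; tell the port apart from a bare address."""
    if ":" in endpoint:  # IPv6: a dot can only precede the port
        host, dot, port = endpoint.rpartition(".")
        return (host, int(port)) if dot and port.isdigit() else (endpoint, None)
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():  # IPv4 address followed by a port
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None  # bare address (ICMP and other port-less protocols)


def parse_pflog_line(line):
    """Return a dict for a pflog line, or None for lines that are not pflog records."""
    m = PFLOG_RE.search(line)
    if not m:
        return None
    src_host, src_port = split_host_port(m.group("src"))
    dst_host, dst_port = split_host_port(m.group("dst"))
    return {
        "rule": int(m.group("rule")),
        "reason": m.group("reason"),
        "action": m.group("action"),
        "dir": m.group("dir"),
        "iface": m.group("iface"),
        "src": src_host, "sport": src_port,
        "dst": dst_host, "dport": dst_port,
    }


def summarize_blocks(lines):
    """Count blocked packets per (rule, source host) and per destination port."""
    by_src = Counter()
    by_dport = Counter()
    for line in lines:
        rec = parse_pflog_line(line)
        if rec is None or rec["action"] != "block":
            continue
        by_src[(rec["rule"], rec["src"])] += 1
        if rec["dport"] is not None:
            by_dport[rec["dport"]] += 1
    return by_src, by_dport


if __name__ == "__main__":
    # To run on a real dump: feed the lines of
    # "tcpdump -n -e -ttt -r /var/log/pflog" instead of SAMPLE_PFLOG.
    srcs, dports = summarize_blocks(SAMPLE_PFLOG)
    for (rule, src), n in srcs.most_common():
        print(f"rule {rule:>3}  {src:<20} {n} blocked")
    for port, n in dports.most_common():
        print(f"dport {port:<6} {n} blocked")
```

Because the summary is keyed on the rule number, the `pfctl -sr -R<n>` command above takes you straight from a count back to the rule that produced it.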
## FAQ

### pfctl: warning: namespace collision with \<table\> global table.

Apparently the table has to be removed first with

~~~
# pfctl -t <table> -T kill
~~~

### Timeout values

From the man page:

~~~
set optimization environment
    Optimize state timeouts for one of the following network
    environments:

    aggressive
        Aggressively expire connections. This can greatly reduce
        the memory usage of the firewall at the cost of dropping
        idle connections early.
    conservative
        Extremely conservative settings. Avoid dropping
        legitimate connections at the expense of greater memory
        utilization (possibly much greater on a busy network) and
        slightly increased processor utilization.
    high-latency
        A high-latency environment (such as a satellite
        connection).
    normal
        A normal network environment. Suitable for almost all
        networks.
    satellite
        Alias for high-latency.
~~~

Aggressive

~~~
tcp.first 30s
tcp.opening 5s
tcp.established 18000s
tcp.closing 60s
tcp.finwait 30s
tcp.closed 30s
tcp.tsdiff 10s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 60s
interval 10s
adaptive.start 6000 states
adaptive.end 12000 states
src.track 0s
~~~

Normal

~~~
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 60s
interval 10s
adaptive.start 6000 states
adaptive.end 12000 states
src.track 0s
~~~

Satellite

~~~
tcp.first 180s
tcp.opening 35s
tcp.established 86400s
tcp.closing 905s
tcp.finwait 50s
tcp.closed 95s
tcp.tsdiff 60s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 60s
interval 10s
adaptive.start 6000 states
adaptive.end 12000 states
src.track 0s
~~~
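The three listings above differ mainly in the `tcp.*` timeouts, while `adaptive.start` and `adaptive.end` are identical. Those two values matter as much as the profile: pf.conf(5) documents that once the state count passes `adaptive.start`, every timeout is scaled linearly by `(adaptive.end - states) / (adaptive.end - adaptive.start)`, reaching zero at `adaptive.end`. This is why a state table filling up under load (or a flood) quietly shortens every connection's lifetime. The Python below is an added example, not part of the original page: it parses excerpts of the listings above in the `pfctl -s timeouts` format and computes the effective timeout at a chosen state count. The excerpts are copied from the Normal and Aggressive listings; the state counts used are chosen for illustration.

```python
# Excerpts of the Normal and Aggressive listings above (same format as
# "pfctl -s timeouts"); only the tcp.* and adaptive.* lines are kept here.
NORMAL_TEXT = """\
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
adaptive.start 6000 states
adaptive.end 12000 states
"""

AGGRESSIVE_TEXT = """\
tcp.first 30s
tcp.opening 5s
tcp.established 18000s
tcp.closing 60s
tcp.finwait 30s
tcp.closed 30s
adaptive.start 6000 states
adaptive.end 12000 states
"""


def parse_timeouts(text):
    """Parse 'name value[s| states]' lines into {name: int} (seconds or states)."""
    timeouts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or malformed line
        name, value = parts[0], parts[1]
        timeouts[name] = int(value.rstrip("s"))
    return timeouts


def adaptive_factor(timeouts, states):
    """Scaling factor from pf.conf(5): 1 below adaptive.start, 0 at adaptive.end,
    linear in between: (end - states) / (end - start)."""
    start = timeouts["adaptive.start"]
    end = timeouts["adaptive.end"]
    if start == 0 or states <= start:
        return 1.0  # adaptive scaling disabled, or table not yet under pressure
    if states >= end:
        return 0.0
    return (end - states) / (end - start)


def effective_timeout(timeouts, name, states):
    """Timeout in seconds that pf actually applies at the given state count."""
    return int(timeouts[name] * adaptive_factor(timeouts, states))


def compare_profiles(profiles, name, states):
    """Effective timeout for one key across several profiles at one state count."""
    return {label: effective_timeout(t, name, states) for label, t in profiles.items()}


NORMAL = parse_timeouts(NORMAL_TEXT)
AGGRESSIVE = parse_timeouts(AGGRESSIVE_TEXT)

if __name__ == "__main__":
    profiles = {"normal": NORMAL, "aggressive": AGGRESSIVE}
    for states in (3000, 6000, 9000, 11000, 12000):
        print(states, "states:", compare_profiles(profiles, "tcp.established", states))
```

Reading the output against `pfctl -si | grep curr` (the current state count from the tips above) tells you whether your established TCP sessions are currently living on the full 86400s or on a fraction of it.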