wiki/HowtoOpenBSD/PacketFilter.md
Daniel Jakots be61d9b789 fix...
2017-10-31 10:31:26 -04:00


---
categories: openbsd network firewall
title: HowToOpenBSD/PacketFilter
---

Tips & Tricks

Check the config file (syntax check only, nothing is loaded):

# pfctl -nf /etc/pf.conf

Reload the configuration:

# pfctl -f /etc/pf.conf

Watch the queues (QoS) in real time:

# systat queue
# pfctl -s queue -vv

View the logs (pflogd(8) writes /var/log/pflog in pcap format, so tcpdump reads it):

# tcpdump -n -e -ttt -r /var/log/pflog

View the rotated logs:

# zcat /var/log/pflog.0.gz |tcpdump -ne -ttt -r -

Watch the logs live (pflog0 is the interface pflogd(8) itself reads from):

# tcpdump -n -e -ttt -i pflog0
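The question these logs usually have to answer is "which rule blocked what, from whom". The POSIX sh function below is an added example, not part of this wiki page or of OpenBSD: it parses the text that tcpdump -n -e -ttt prints for pflog and counts blocked packets per rule, direction, interface and source address. The sample log lines are constructed, and the function locates fields relative to the word "rule", so the timestamp prefix does not matter. The source port is stripped only when one is present, so an ICMP address is not mangled.

```shell
#!/bin/sh
# Added example: count blocked packets per rule/direction/interface/source from the
# text that `tcpdump -n -e -ttt` prints for pflog.  Assumes the pflog header format
#   "rule N/(reason) ACTION DIR on IFACE: SRC.PORT > DST.PORT: ..."
# and finds those fields relative to the word "rule", so the timestamp prefix
# (-ttt, another -t variant, or none) does not matter.

# Constructed sample, not captured from a real host.
SAMPLE_PFLOG='Oct 31 10:12:01.000001 rule 3/(match) block in on em0: 192.0.2.10.54321 > 198.51.100.5.22: S 1:1(0) win 65535
Oct 31 10:12:01.200002 rule 3/(match) block in on em0: 192.0.2.10.54322 > 198.51.100.5.22: S 2:2(0) win 65535
Oct 31 10:12:02.000003 rule 3/(match) block in on em0: 192.0.2.10.54323 > 198.51.100.5.23: S 3:3(0) win 65535
Oct 31 10:12:03.000004 rule 7/(match) block in on em0: 203.0.113.4 > 198.51.100.5: icmp: echo request
Oct 31 10:12:04.000005 rule 3/(match) block in on em0: 2001:db8::1.40000 > 2001:db8:1::5.22: S 4:4(0) win 65535
Oct 31 10:12:05.000006 rule 0/(match) pass out on em0: 198.51.100.5.33000 > 192.0.2.53.53: udp 40'

# pflog_block_summary: stdin = tcpdump -n -e -ttt output, stdout = "COUNT RULE DIR IFACE SRC",
# most frequent first.  Pass lines are ignored; the source port is stripped only when one
# is present (4 dots for IPv4, a dot inside an IPv6 address), so ICMP addresses stay intact.
pflog_block_summary() {
    awk '
    {
        for (i = 1; i <= NF; i++) if ($i == "rule") break
        if (i > NF || $(i + 2) != "block") next
        rule = $(i + 1); sub(/\/.*/, "", rule)        # "3/(match)" -> "3"
        dir = $(i + 3)
        iface = $(i + 5); sub(/:$/, "", iface)         # "em0:" -> "em0"
        src = $(i + 6)
        ndots = gsub(/\./, ".", src)                   # count dots, string unchanged
        if (ndots == 4 || (ndots == 1 && index(src, ":") > 0))
            sub(/\.[0-9]+$/, "", src)                  # drop the port
        count[rule " " dir " " iface " " src]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }' | sort -rn
}

# Live use: tcpdump -n -e -ttt -r /var/log/pflog | pflog_block_summary
printf '%s\n' "$SAMPLE_PFLOG" | pflog_block_summary
```

On the constructed sample this prints "3 3 in em0 192.0.2.10" first, then one line each for the ICMP source and the IPv6 source; the pass line is not counted. The rule numbers in the first column are the ones pfctl -vvsr shows as @N.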

Show rule number 42 only (rule numbers start at 0; they are the @N prefixes printed by pfctl -vvsr, and the same numbers pflog records as "rule N/(match)"):

# pfctl -sr -R42

List the states:

# pfctl -s states | less

Count the states:

# pfctl -si | grep curr

Flush the states. This drops every tracked connection, including the SSH session you are working from, unless a pass rule can re-create its state from a mid-stream packet (the default flags S/SA only creates state on a SYN):

# pfctl -F states

Everything PF knows (rules, states, tables, timeouts, limits, all in one go):

# pfctl -sa | less

Managing tables (-T show lists the entries, flush empties the table, kill removes the table itself, add and delete take the address to add or remove as argument):

# pfctl -t <table> -T flush/kill/add/delete

FAQ

pfctl: warning: namespace collision with <table> global table.

pfctl prints this when a table defined inside an anchor has the same name as a table in the main ruleset. The fix, apparently, is to remove the table with

# pfctl -t <table> -T kill

Timeout values

From the man page, pf.conf(5):

     set optimization environment
             Optimize state timeouts for one of the following network
             environments:

             aggressive
                     Aggressively expire connections.  This can greatly reduce
                     the memory usage of the firewall at the cost of dropping
                     idle connections early.
             conservative
                     Extremely conservative settings.  Avoid dropping
                     legitimate connections at the expense of greater memory
                     utilization (possibly much greater on a busy network) and
                     slightly increased processor utilization.
             high-latency
                     A high-latency environment (such as a satellite
                     connection).
             normal  A normal network environment.  Suitable for almost all
                     networks.
             satellite
                     Alias for high-latency.

Only the tcp.* timeouts differ between the profiles; the udp, icmp, other, frag, interval and adaptive values below are identical in all three. Each table is the pfctl -s timeouts output for the corresponding set optimization.

Aggressive

tcp.first                    30s
tcp.opening                   5s
tcp.established           18000s
tcp.closing                  60s
tcp.finwait                  30s
tcp.closed                   30s
tcp.tsdiff                   10s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         60s
interval                     10s
adaptive.start             6000 states
adaptive.end              12000 states
src.track                     0s

Normal

tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         60s
interval                     10s
adaptive.start             6000 states
adaptive.end              12000 states
src.track                     0s

Satellite (alias for high-latency)

tcp.first                   180s
tcp.opening                  35s
tcp.established           86400s
tcp.closing                 905s
tcp.finwait                  50s
tcp.closed                   95s
tcp.tsdiff                   60s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         60s
interval                     10s
adaptive.start             6000 states
adaptive.end              12000 states
src.track                     0s
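The adaptive.start and adaptive.end lines are the same in every profile and interact with the state count from pfctl -si: per pf.conf(5), once the number of states exceeds adaptive.start, every timeout is scaled linearly by (adaptive.end - states) / (adaptive.end - adaptive.start), reaching zero at adaptive.end. The POSIX sh below is an added example, not from this page or from OpenBSD, that applies that formula to constructed samples of pfctl -si and pfctl -s timeouts output (the only assumptions are those two output formats); replace the samples with the live command output to see the timeouts PF is really applying.

```shell
#!/bin/sh
# Added example: effective PF timeouts under adaptive scaling.
# Assumes the output formats of `pfctl -si` ("  current entries  N") and
# `pfctl -s timeouts` ("name  VALUEs" and "adaptive.start  N states").

# Constructed sample output, not captured from a real host. On a live firewall use:
#   SI=$(pfctl -si); ST=$(pfctl -s timeouts); effective_timeout tcp.established "$SI" "$ST"
SAMPLE_SI='State Table                          Total             Rate
  current entries                     9000
  searches                        12345678          123.4/s
  inserts                            56789            5.6/s
  removals                           47789            4.7/s'

SAMPLE_ST='tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
udp.multiple                 60s
adaptive.start             6000 states
adaptive.end              12000 states'

# current_states "<pfctl -si output>": number of states currently tracked
current_states() {
    printf '%s\n' "$1" | awk '/current entries/ { print $3; exit }'
}

# timeout_value "<pfctl -s timeouts output>" NAME: configured value with the unit stripped
timeout_value() {
    printf '%s\n' "$1" | awk -v name="$2" '$1 == name { sub(/s$/, "", $2); print $2; exit }'
}

# scaled_timeout BASE STATES START END: the pf.conf(5) adaptive scaling formula,
# factor = (END - STATES) / (END - START), clamped to [0, 1], truncated to whole seconds
scaled_timeout() {
    awk -v base="$1" -v n="$2" -v start="$3" -v end="$4" 'BEGIN {
        if (n <= start)      f = 1
        else if (n >= end)   f = 0
        else                 f = (end - n) / (end - start)
        printf "%d\n", base * f
    }'
}

# effective_timeout NAME [SI_TEXT] [ST_TEXT]: what PF is applying right now for NAME
effective_timeout() {
    si=${2:-$SAMPLE_SI}
    st=${3:-$SAMPLE_ST}
    scaled_timeout "$(timeout_value "$st" "$1")" \
                   "$(current_states "$si")" \
                   "$(timeout_value "$st" adaptive.start)" \
                   "$(timeout_value "$st" adaptive.end)"
}

# With 9000 states between adaptive.start 6000 and adaptive.end 12000 the factor is 0.5,
# so the 86400s tcp.established of the normal profile is really 43200s.
for name in tcp.first tcp.established udp.multiple; do
    printf '%-16s configured %6ss  effective %6ss\n' "$name" \
        "$(timeout_value "$SAMPLE_ST" "$name")" "$(effective_timeout "$name")"
done
```

The practical point is that the profile tables above describe the firewall only while the state count stays below adaptive.start; compare that value with the states hard limit from pfctl -sm before deciding that a long tcp.established is what your idle connections will actually get.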