Grab bag of IPF firewall commands for FreeBSD and Solaris 10

Nothing new here , just a round-up of the commands/configs I happen to need from time to time. Google probably has better references for that.I talk about Pf firewall used in FreeBSD, OpenBSD and Solaris systems.

Enable and disable firewall:

pfctl –e

Enable packet filter real time

pfctl –ef /etc/pf.conf

Enable packet filter and load rules from /etc/pf.conf

pfctl –d

Disable packet filter

Enable/disable permanently to survive reboot

OpenBSD :




Working with rules.

pfctl –F all

Flush (remove) all the active rules from the running packet filter , means PERMIT ANY ANY.

pfctl –n –f /etc/pf.conf

just parse rules from file , not actually loading them, to check syntax

pfctl -f /etc/pf.conf

Load rules from file

Order of rules in the file : options, normalization, queuing, translation, and filtering rules.

Show commands.

pfctl –s info

Show filter information

pfctl -s rules

Show the currently loaded filter rules

pfctl -s state

Show the contents of the state table.

pfctl -s all

Show all of the above

Simplest set of rules - block all the incoming but ssh, allow all the outgoing from the server:

block in all   
pass out all keep state   
pass in   proto tcp from any to any port 22

Follow me on not to miss what I publish on Linkedin, Github, blog, and more.