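Enter the following commands:
# service pflog start
# service pflog stop
# service pflog restart
Step 4: A brief introduction to the pfctl command
You use the pfctl command to view the PF ruleset and parameter configuration, including status information from the packet filter. Let's look at all the common commands:
Show PF rule information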
# pfctl -s rules
Sample output:
block return in log all
block drop out all
block drop in quick on ! vtnet0 inet from 172.xxx.yyy.zzz/24 to any
block drop in quick inet from 172.xxx.yyy.zzz/24 to any
pass in quick on vtnet0 inet proto tcp from 139.aaa.ccc.ddd to 172.xxx.yyy.zzz/24 port = ssh flags S/SA keep state label "USER_RULE: Allow SSH from 139.aaa.ccc.ddd"
pass inet proto icmp all icmp-type echoreq keep state
pass out quick on vtnet0 proto tcp from any to any port = domain flags S/SA keep state
pass out quick on vtnet0 proto tcp from any to any port = ntp flags S/SA keep state
pass out quick on vtnet0 proto tcp from any to any port = smtp flags S/SA keep state
pass out quick on vtnet0 proto tcp from any to any port = http flags S/SA keep state
pass out quick on vtnet0 proto tcp from any to any port = https flags S/SA keep state
pass out quick on vtnet0 proto tcp from any to any port = ftp flags S/SA keep state
pass out quick on vtnet0 proto tcp from any to any port = ssh flags S/SA keep state
pass out quick on vtnet0 proto udp from any to any port = domain keep state
pass out quick on vtnet0 proto udp from any to any port = ntp keep state
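A ruleset listing like the one above can be checked mechanically for what it admits. The following is an added example, not part of the original article: the function names pf_inbound_summary and sample_rules are hypothetical, and the sample ruleset uses constructed documentation addresses.

```shell
#!/bin/sh
# Added example: summarise what a ruleset, as printed by `pfctl -s rules`,
# lets in. The ruleset text is read from stdin.
pf_inbound_summary() {
    awk '
    # Default deny for inbound traffic: "block ... in ... all" without "quick".
    $1 == "block" && / in / && / all$/ && !/ quick / { default_deny = 1 }

    # "pass in ..." and direction-less "pass ..." rules can admit inbound packets.
    $1 == "pass" && $2 != "out" {
        src = "any"; svc = "any"; seen_from = 0; seen_to = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "label") break            # label text may contain "from"
            if ($i == "from" && !seen_from) { src = $(i + 1); seen_from = 1 }
            if ($i == "to") seen_to = 1
            # Only the port that follows "to" is the destination service.
            if ($i == "port" && seen_to)
                svc = ($(i + 1) == "=") ? $(i + 2) : $(i + 1)
            if ($i == "icmp-type") svc = "icmp:" $(i + 1)
        }
        printf "INBOUND src=%s service=%s\n", src, svc
    }
    END { print "DEFAULT_DENY_IN=" (default_deny ? "yes" : "no") }
    '
}

# Constructed sample input in the format of the listing above
# (198.51.100.7 and 192.0.2.0/24 are documentation addresses).
sample_rules() {
    cat <<'EOF'
block return in log all
block drop out all
pass in quick on vtnet0 inet proto tcp from 198.51.100.7 to 192.0.2.0/24 port = ssh flags S/SA keep state label "USER_RULE: Allow SSH from 198.51.100.7"
pass inet proto icmp all icmp-type echoreq keep state
pass out quick on vtnet0 proto tcp from any to any port = https flags S/SA keep state
EOF
}

sample_rules | pf_inbound_summary
```

On a live host the same function can be fed directly: pfctl -s rules | pf_inbound_summary.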
Show detailed information for each rule
# pfctl -v -s rules
Add rule numbers to the verbose output for each rule:
# pfctl -vvsr
Show state information
# pfctl -s state
# pfctl -s state | more
# pfctl -s state | grep 'something'
How to disable the PF service from the command line
# pfctl -d
How to enable the PF service from the command line
# pfctl -e
How to flush the PF rules/NAT/tables from the command line
# pfctl -F all
Sample output:
rules cleared
nat cleared
0 tables deleted.
2 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset
How to flush only the PF rules from the command line
# pfctl -F rules
How to flush only the queues from the command line
# pfctl -F queue
How to flush the statistics (those that are not part of any rule) from the command line
# pfctl -F info
How to clear all counters from the command line
# pfctl -z
Step 5: Viewing the PF logs
PF logs are stored in a binary format. Use the following command to view them:
# tcpdump -n -e -ttt -r /var/log/pflog