Vultr

Article

Table of Contents
Theme:
Was this article helpful?
Try Vultr Today with

$50 Free on Us!

Get started now!
Want to contribute?

You could earn up to $300 by adding new articles!

Learn more!

pf Quickstart Guide

Last Updated: Mon, Apr 13, 2020
Quickstart Guides Security System Admin

OpenBSD Packet Filter (pf) is a stateful packet filter firewall. pf was developed for OpenBSD, but has been ported to many other operating systems. This quickstart guide outlines several useful commands and techniques to assist debugging pf.

Enable and start pf

To enable pf at boot, add pf_enable=yes to /etc/rc.conf:

# sysrc pf_enable=yes

Start pf manually.

# pfctl -e

View the pf ruleset

Show the current ruleset.

# pfctl -sr

Show everything possible.

# pfctl -sa

Stop and disable pf

Stop pf.

# pfctl -d

Disable pf at boot.

# rcctl disable pf

Example: Allow SSH, block all other

This trivial example will allow SSH into the server while blocking everything else. Add the following to /etc/pf.conf.

block all
pass out proto tcp to any port 22 keep state

More Information

See the pf documentation for more details.

Want to contribute?

You could earn up to $300 by adding new articles

Submit your article Suggest an update Request an article