pf Quickstart Guide

Last Updated: Mon, Apr 13, 2020
OpenBSD Packet Filter (pf) is a stateful packet filter firewall. pf was developed for OpenBSD but has been ported to many other operating systems. This quickstart guide outlines several useful commands and techniques to assist in debugging pf.

Enable and start pf

To enable pf at boot, add pf_enable=yes to /etc/rc.conf (sysrc is the FreeBSD tool for editing that file):

# sysrc pf_enable=yes

Start pf manually.

# pfctl -e

View the pf ruleset

Show the current ruleset.

# pfctl -sr

Show all available information (rules, states, counters, and so on).

# pfctl -sa

Stop and disable pf

Stop pf.

# pfctl -d

Disable pf at boot (rcctl is the OpenBSD service tool).

# rcctl disable pf

Example: Allow SSH, block everything else

This trivial example will allow SSH into the server while blocking everything else. Add the following to /etc/pf.conf.

block all
pass in proto tcp to any port 22 keep state
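The guide edits /etc/pf.conf but does not show loading it, and with "block all" in place a wrong rule can lock you out of a host you reach over SSH. The following is an added example, not part of the original guide: it parses a candidate ruleset with pfctl -n, loads it, and schedules an automatic rollback. The function name pf_apply, the PF_ROLLBACK_PID variable and the candidate path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. Run as root on the pf host.
# pf_apply CANDIDATE [FALLBACK] [DELAY]
#   CANDIDATE  ruleset under test (hypothetical path, e.g. /etc/pf.conf.new)
#   FALLBACK   known-good ruleset to restore (default /etc/pf.conf)
#   DELAY      seconds until the automatic rollback (default 120)
# On success PF_ROLLBACK_PID holds the PID of the pending rollback job.
pf_apply() {
    candidate=$1
    fallback=${2:-/etc/pf.conf}
    delay=${3:-120}
    PF_ROLLBACK_PID=

    # -n parses a ruleset without loading it. Check the fallback as well:
    # a rollback file that does not parse cannot rescue anything.
    pfctl -nf "$fallback" || { echo "fallback does not parse: $fallback" >&2; return 1; }
    pfctl -nf "$candidate" || { echo "candidate does not parse: $candidate" >&2; return 1; }

    # Arm the rollback before loading so it is already pending if the new
    # rules cut this session off. Ignoring HUP keeps it alive after a hangup.
    ( trap '' HUP; sleep "$delay"; pfctl -f "$fallback" ) >/dev/null 2>&1 &
    PF_ROLLBACK_PID=$!

    if ! pfctl -f "$candidate"; then
        kill "$PF_ROLLBACK_PID" 2>/dev/null
        PF_ROLLBACK_PID=
        echo "load failed: $candidate" >&2
        return 1
    fi

    # Established states survive a reload, so the current session proves
    # nothing; only a fresh connection exercises the new rules.
    echo "Loaded $candidate; rollback to $fallback in ${delay}s."
    echo "Open a NEW SSH session. If it connects, run: kill $PF_ROLLBACK_PID"
}
```

Once the new session connects and the rollback job is cancelled, copy the candidate over /etc/pf.conf so the ruleset persists across reboots.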

More Information

See the pf documentation for more details.

