PF Syntax

Index
action, 10
address, 13
af, 11
altq.rule, 8
anchor.rule, 8
antispoof.rule, 7
bandwidth.spec, 9
binary.op, 15
binat.rule, 6
cbq.def, 21
cbq.opt, 21
lteropt, 4
lteropt.list, 4
ag.set, 16
ags, 16
fragmentation, 18
group, 15
hfsc.def, 21
hfsc.opt, 22
host, 12
host.list, 13
hosts, 12
icmp.list, 17
icmp.type, 16
icmp.type.code, 17
icmp6.type, 16
icmp6code, 11
icmpcode, 10
ifspec, 11
interface.list, 11
ipspec, 12
limit.item, 20
limit.list, 19
line, 2
linkshare.sc, 22
load.anchor, 8
nat.rule, 6
op.list, 15
option, 2
os, 14
os.list, 16
os.name, 16
pf.rule, 3
pooltype, 20
port, 14
portspec, 14
priq.def, 21
priq.opt, 22
proto.list, 12
protospec, 12
queue.list, 20
queue.rule, 8
queueopts, 9
queueopts.list, 9
rdr.rule, 6
realtime.sc, 22
redirhost, 13
redirhost.list, 14
return, 10
route, 11
routehost, 13
routehost.list, 14
sc.spec, 22
schedulers, 9
state.opt, 18
state.opts, 17
subqueue, 20
table.rule, 7
tableaddr, 8
tableaddr.list, 7
tableaddr.spec, 7
tableopts, 7
tableopts.list, 7
timeout, 18
timeout.list, 18
tos, 17
trans.anchors, 8
unary.op, 15
upperlimit.sc, 22
user, 14
1
line
-
option
-
pf.rule
-
nat.rule
-
binat.rule
-
rdr.rule
-
antispoof.rule
-
altq.rule
-
queue.rule
-
anchor.rule
-
trans.anchors
-
load.anchors
-
table.rule
-
2
option
-
set
-
timeout
-
timeout
-
{
-
timeout.list
-
}
-
optimization
-
default
-
normal
-
high-latency
-
satellite
-
aggressive
-
conservative
-
limit
-
limit.item
-
{
-
limit.list
-
}
-
loginterface
-
interface.name
-
none
-
block-policy
-
drop
-
return
-
require-order
-
yes
-
no
-
fingerprints
-
lename
-
debug
-
none
-
urgent
-
misc
-
loud
-
3
pf.rule
-
action

-
in
-
out
-
log
-
log-all
-
quick
-
on
-
ifspec
-
route
-
af
-
protospec

-
hosts

-
lteropt.list
-
lteropt.list
-
lteropt.list
-
lteropt
-
lteropt
-
4
lteropt
-
user
-
group
-
ags
-
icmp.type
-
icmp6.type
-
tos
-
keep
-
modulate
-
synproxy
-
state
-
(
-
state.opts
-
)
-
fragment
-
no-df
-
min-ttl
-
number
-
max-mss
-
number
-
random-id
-
reassemble tcp
-
fragmentation
-
allow-opts
-
label
-
string
-
tag
-
string
-
!
-
tagged
-
string
-
queue
-
string
-
(
-
string

-
,
-
string
-
)
-
5
nat.rule
-
no
-
nat
-
pass
-
on
-
ifspec
-
af
-
protospec
-
hosts

-
tag
-
string
-
->
-
redirhost
-
{
-
redirhost.list
-
}
-
portspec
-
pooltype
-
static-port
-
binat.rule
-
no
-
binat
-
pass
-
on
-
interface.name
-
af
-
proto
-
proto.name
-
proto.number

-
from
-
address

-
/
-
mask.bits
-
to
-
ipspec

-
tag
-
string
-
->
-
address

-
/
-
mask.bits
-
rdr.rule
-
no
-
rdr
-
pass
-
on
-
ifspec
-
af
-
protospec
-
hosts

-
tag
-
string
-
->
-
redirhost
-
{
-
redirhost.list
-
}
-
portspec
-
pooltype
-
6
antispoof.rule
-
antispoof
-
log
-
quick
-
for
-
interface.name
-
{
-
interface.list
-
}
-
af
-
label
-
string
-
table.rule
-
table
-
<
-
string
-
>
-
tableopts.list
-
tableopts.list
-
tableopts.list
-
tableopts
-
tableopts
-
tableopts
-
persist
-
const
-
file
-
string
-
{
-
tableaddr.list
-
}
-
tableaddr.list
-
tableaddr.list

-
,
-
tableaddr.spec
-
tableaddr.spec
-
tableaddr.spec
-
!
-
tableaddr

-
/
-
mask.bits
-
7
tableaddr
-
hostname
-
ipv4.dotted.quad
-
ipv6.coloned.hex
-
interface.name
-
self
-
altq.rule
-
altq on
-
interface.name
-
queueopts.list
-
queue
-
subqueue
-
queue.rule
-
queue
-
string

-
on
-
interface.name
-
queueopts.list
-
subqueue
-
anchor.rule
-
anchor
-
string

-
in
-
out
-
on
-
ifspec
-
af
-
proto
-
protospec
-
hosts
-
trans.anchors
-
nat-anchor
-
rdr-anchor
-
binat-anchor
-
string

-
on
-
ifspec
-
af
-
proto
-
protospec
-
hosts
-
load.anchor
-
load anchor
-
anchorname
-
8
-
rulesetname
-
from
-
lename
-
queueopts.list
-
queueopts.list
-
queueopts
-
queueopts
-
queueopts
-
bandwidth
-
bandwidth.spec
-
qlimit
-
number
-
tbrsize
-
number
-
priority
-
number
-
schedulers
-
schedulers
-
cbq.def
-
priq.def
-
hfsc.def
-
9
bandwidth.spec
-
number
-
b
-
Kb
-
Mb
-
Gb
-
%
-
action
-
pass
-
block
-
return
-
scrub
-
return
-
drop
-
return
-
return-rst
-
( ttl
-
number
-
)
-
return-icmp
-
(
-
icmpcode

-
,
-
icmp6code
-
)
-
return-icmp6
-
(
-
icmp6code
-
)
-
10
icmpcode
-
icmp.code.name
-
icmp.code.number
-
icmp6code
-
icmp6.code.name
-
icmp6.code.number
-
ifspec
-
!
-
interface.name
-
{
-
interface.list
-
}
-
interface.list
-
!
-
interface.name

-
,
-
interface.list
-
route
-
fastroute
-
route-to
-
reply-to
-
dup-to
-
routehost
-
{
-
routehost.list
-
}
-
pooltype
-
af
-
inet
-
inet6
-
11
protospec
-
proto
-
proto.name
-
proto.number
-
{
-
proto.list
-
}
-
proto.list
-
proto.name
-
proto.number
-
,
-
proto.list
-
hosts
-
all
-
from
-
any
-
no-route
-
self
-
host
-
{
-
host.list
-
}
-
port
-
os
-
to
-
any
-
no-route
-
self
-
host
-
{
-
host.list
-
}
-
port
-
ipspec
-
any
-
host
-
{
-
host.list
-
}
-
12
host
-
!
-
address

-
/
-
mask.bits
-
<
-
string
-
>
-
redirhost
-
address

-
/
-
mask.bits
-
routehost
-
interface.name

-
address

-
/
-
mask.bits
-
address
-
interface.name
-
(
-
interface.name
-
)
-
hostname
-
ipv4.dotted.quad
-
ipv6.coloned.hex
-
host.list
-
host

-
,
-
host.list
-
13
redirhost.list
-
redirhost

-
,
-
redirhost.list
-
routehost.list
-
routehost

-
,
-
routehost.list
-
port
-
port
-
unary.op
-
binary.op
-
{
-
op.list
-
}
-
portspec
-
port
-
number
-
name
-
:
-
*
-
number
-
name
-
os
-
os
-
os.name
-
{
-
os.list
-
}
-
14
user
-
user
-
unary.op
-
binary.op
-
{
-
op.list
-
}
-
group
-
group
-
unary.op
-
binary.op
-
{
-
op.list
-
}
-
unary.op
-
=
-
!=
-
<
-
<=
-
>
-
>=
-
name
-
number
-
binary.op
-
number
-
<>
-
><
-
:
-
number
-
15
op.list
-
unary.op
-
binary.op
-
,
-
op.list
-
os.name
-
operating.system.name
-
os.list
-
os.name

-
,
-
os.list
-
ags
-
flags
-
ag.set
-
/
-
ag.set
-
ag.set
-
F
-
S
-
R
-
P
-
A
-
U
-
E
-
W
-
icmp.type
-
icmp-type
-
icmp.type.code
-
{
-
icmp.list
-
}
-
16
icmp6.type
-
icmp6-type
-
icmp.type.code
-
{
-
icmp.list
-
}
-
icmp.type.code
-
icmp.type.name
-
icmp.type.number
-
code
-
icmp.code.name
-
icmp.code.number
-
icmp.list
-
icmp.type.code

-
,
-
icmp.list
-
tos
-
tos
-
lowdelay
-
throughput
-
reliability
-
0x
-
number
-
state.opts
-
state.opt

-
,
-
state.opts
-
17
state.opt
-
max
-
number
-
no-sync
-
timeout
-
fragmentation
-
fragment reassemble
-
fragment crop
-
fragment drop-ovl
-
timeout.list
-
timeout

-
,
-
timeout.list
-
18
timeout
-
tcp.first
-
tcp.opening
-
tcp.established
-
tcp.closing
-
tcp.finwait
-
tcp.closed
-
udp.first
-
udp.single
-
udp.multiple
-
icmp.first
-
icmp.error
-
other.first
-
other.single
-
other.multiple
-
frag
-
interval
-
adaptive.start
-
adaptive.end
-
number
-
19
limit.list
-
limit.item

-
,
-
limit.list
-
limit.item
-
states
-
frags
-
number
-
pooltype
-
bitmask
-
random
-
source-hash
-
hex.key
-
string.key
-
round-robin
-
subqueue
-
string
-
{
-
queue.list
-
}
-
queue.list
-
string

-
,
-
string
-
20
cbq.def
-
cbq
-
(
-
cbq.opt

-
,
-
cbq.opt
-
)
-
priq.def
-
priq
-
(
-
priq.opt

-
,
-
priq.opt
-
)
-
hfsc.def
-
hfsc
-
(
-
hfsc.opt

-
,
-
hfsc.opt
-
)
-
cbq.opt
-
default
-
borrow
-
red
-
ecn
-
rio
-
21
priq.opt
-
default
-
red
-
ecn
-
rio
-
hfsc.opt
-
default
-
red
-
ecn
-
rio
-
linkshare.sc
-
realtime.sc
-
upperlimit.sc
-
linkshare.sc
-
linkshare
-
sc.spec
-
realtime.sc
-
realtime
-
sc.spec
-
upperlimit.sc
-
upperlimit
-
sc.spec
-
sc.spec
-
bandwidth.spec
-
(
-
bandwidth.spec
-
number
-
bandwidth.spec
-
)
-
22

PF Syntax

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

PF Syntax

Caricato da

Copyright:

Formati disponibili

Index

Potrebbero piacerti anche