Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 14.0-CURRENT FreeBSD 13.2-STABLE FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.4-STABLE FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.1 CentOS 7.0 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 8.1.0 Debian 7.8.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 IRIX 6.5.30 Inferno 4th Edition Linux Slackware 3.1 MACH 2.5/i386 Minix 2.0 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenStep 4.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips OpenDarwin 20030208pre4/ppc Plan 9 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Red Hat 9 Rhapsody DR1 Rhapsody DR2 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

IPF(8)			    System Manager's Manual			IPF(8)

NAME
       ipf - alters packet filtering lists for IP packet input and output

SYNOPSIS
       ipf  [  -6AcdDEInoPrsvVyzZ  ] [ -l <block|pass|nomatch> ] [ -T <option-
       list> ] [ -F <i|o|a|s|S>	] -f <filename>	[ -f <filename>	[...]]

DESCRIPTION
       ipf opens the filenames listed (treating	"-" as stdin) and  parses  the
       file  for  a  set  of  rules  which are to be added or removed from the
       packet filter rule set.

       Each rule processed by ipf is added to the kernel's internal  lists  if
       there  are  no parsing problems.	 Rules are added to the	end of the in-
       ternal lists, matching the order	in which they  appear  when  given  to
       ipf.

OPTIONS
       -6     This  option  is	required  to parse IPv6	rules and to have them
	      loaded.

       -A     Set the list to make changes to the active list (default).

       -c <language>
	      This option causes ipf to	generate output	files for  a  compiler
	      that  supports  language.	  At present, the only target language
	      supported	is C (-cc)  for	 which	two  files  -  ip_rules.c  and
	      ip_rules.h  are  generated  in the CURRENT DIRECTORY when	ipf is
	      being run.  These	files can be used with	the  IPFILTER_COMPILED
	      kernel option to build filter rules staticly into	the kernel.

       -d     Turn debug mode on.  Causes a hexdump of filter rules to be gen-
	      erated as	it processes each one.

       -D     Disable the filter (if enabled).	 Not  effective	 for  loadable
	      kernel versions.

       -E     Enable  the  filter  (if	disabled).  Not	effective for loadable
	      kernel versions.

       -F <i|o|a>
	      This option specifies which filter list to flush.	 The parameter
	      should  either  be  "i" (input), "o" (output) or "a" (remove all
	      filter rules).  Either a single letter or	an entire word	start-
	      ing  with	 the appropriate letter	maybe used.  This option maybe
	      before, or after,	any other with the order on the	 command  line
	      being that used to execute options.

       -F <s|S>
	      To  flush	entries	from the state table, the -F option is used in
	      conjunction with either "s" (removes state information about any
	      non-fully	 established  connections)  or "S" (deletes the	entire
	      state table).  Only one of the two  options  may	be  given.   A
	      fully  established  connection will show up in ipfstat -s	output
	      as 5/5, with deviations either way indicating it	is  not	 fully
	      established any more.

       -f <filename>
	      This  option  specifies  which files ipf should use to get input
	      from for modifying the packet filter rule	lists.

       -I     Set the list to make changes to the inactive list.

       -l  <pass|block|nomatch>
	      Use of the -l flag toggles default logging  of  packets.	 Valid
	      arguments	 to  this option are pass, block and nomatch.  When an
	      option is	set, any packet	which exits filtering and matches  the
	      set  category  is	 logged.   This	is most	useful for causing all
	      packets which don't match	any of the loaded rules	to be logged.

       -n     This flag	(no-change) prevents  ipf  from	 actually  making  any
	      ioctl  calls  or	doing anything which would alter the currently
	      running kernel.

       -o     Force rules by default to	be added/deleted  to/from  the	output
	      list, rather than	the (default) input list.

       -P     Add rules	as temporary entries in	the authentication rule	table.

       -r     Remove  matching filter rules rather than	add them to the	inter-
	      nal lists

       -s     Swap the active filter list in use to be the  "other"  one.   -T
	      <optionlist>  This  option  allows run-time changing of IPFilter
	      kernel variables.	 Some variables	require	IPFilter to  be	 in  a
	      disabled state (-D) for changing,	others do not.	The optionlist
	      parameter	is a comma separated list of tuning commands.  A  tun-
	      ing  command  is either "list" (retrieve a list of all variables
	      in the kernel, their maximum, minimum and	current	value),	a sin-
	      gle  variable  name  (retrieve its current value)	and a variable
	      name with	a following assignment to set a	new value.  Some exam-
	      ples follow.
	      #	Print out all IPFilter kernel tunable parameters
	      ipf -T list
	      #	Display	the current TCP	idle timeout and then set it to	3600
	      ipf -D -T	fr_tcpidletimeout,fr_tcpidletimeout=3600 -E
	      #	Display	current	values for fr_pass and fr_chksrc, then set fr_chksrc to	1.
	      ipf -T fr_pass,fr_chksrc,fr_chksrc=1

       -v     Turn  verbose  mode  on.	 Displays information relating to rule
	      processing.

       -V     Show version information.	 This will display the version	infor-
	      mation  compiled	into  the  ipf binary and retrieve it from the
	      kernel code (if running/present).	 If it is present in the  ker-
	      nel,  information	 about	its  current  state  will be displayed
	      (whether logging is active, default filtering, etc).

       -y     Manually resync the in-kernel interface list  maintained	by  IP
	      Filter with the current interface	status list.

       -z     For  each	rule in	the input file,	reset the statistics for it to
	      zero and display the statistics prior to them being zeroed.

       -Z     Zero global statistics held in the  kernel  for  filtering  only
	      (this doesn't affect fragment or state statistics).

FILES
       /dev/ipauth
       /dev/ipl
       /dev/ipstate

SEE ALSO
       ipftest(1), mkfilters(1), ipf(4), ipl(4), ipf(5), ipfstat(8), ipmon(8),
       ipnat(8)

DIAGNOSTICS
       Needs to	be run as root for the packet filtering	lists to  actually  be
       affected	inside the kernel.

BUGS
       If you find any,	please send email to me	at darrenr@pobox.com

									IPF(8)

---

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | FILES | SEE ALSO | DIAGNOSTICS | BUGS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=ipf&sektion=8&manpath=FreeBSD+6.0-RELEASE>

home | help

---

Legal Notices | © 1995-2023 The FreeBSD Project. All rights reserved.

Contact