Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 14.0-CURRENT FreeBSD 13.2-STABLE FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.4-STABLE FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.1 CentOS 7.0 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 8.1.0 Debian 7.8.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 IRIX 6.5.30 Inferno 4th Edition Linux Slackware 3.1 MACH 2.5/i386 Minix 2.0 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenStep 4.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips OpenDarwin 20030208pre4/ppc Plan 9 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Red Hat 9 Rhapsody DR1 Rhapsody DR2 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

PFTOP(8)		FreeBSD	System Manager's Manual		      PFTOP(8)

NAME
     pftop -- display pf states

SYNOPSIS
     pftop [-abDhir] [-c cache]	[-d count] [-f filter] [-o field] [-s time]
	   [-v view] [-w width]	[number]

DESCRIPTION
     pftop displays the	active packetfilter states and rules, and periodically
     updates this information.	If standard output is an intelligent terminal
     (see below) then as many states as	will fit on the	terminal screen	are
     displayed by default.  Otherwise, a good number of	them are shown (around
     20).  If number is	given, then the	top number states will be displayed
     instead of	the default.  The displayed states are filtered	according to
     the filter	specification.

     The options are as	follows:

     -a	     List all states.  This option is only valid in batch mode.

     -b	     Use batch mode.  In this mode, all	input from the terminal	is ig-
	     nored.  Interrupt characters (such	as `^C'	and `^\') still	have
	     an	effect.	 This is the default on	a dumb terminal, or when the
	     output is not a terminal.

     -c	cache
	     Store cache number	of states for rate calculation.

     -d	count
	     Update the	display	count times, then exit.	 For dumb terminals,
	     the default is 1.

     -D	     This option is intended for debugging the filter. The filter code
	     and resulting states are displayed	in raw form. The binary	state
	     data is also dumped to a file named state.dmp in the current di-
	     rectory.

     -f	filter
	     This option specifies the filter that is applied to the states.
	     The filter	specification is based on the tcpdump format. See the
	     section on	STATE FILTERING	for details on the filter syntax.

     -i	     Use interactive mode.  In this mode, any input is immediately
	     read for processing.  See the section on INTERACTIVE MODE for an
	     explanation of which keys perform what functions.	After the com-
	     mand is processed,	the screen will	be updated immediately.	 This
	     mode is the default when standard output is an intelligent	termi-
	     nal.

     -o	field
	     Sort the process display area using the specified field as	the
	     primary key.  Accepted field arguments are: age, bytes, dest,
	     dport, exp, none, peak, pkt, rate,	size, sport, and src.

     -r	     Reverse the sort order.

     -s	time
	     Set the delay between display updates to time seconds.  The de-
	     fault delay is 5 seconds.

     -v	view
	     Select the	initial	arrangement of the columns. Available views
	     are: default, long, state,	time, size, rules, label, and speed.
	     The rule and label	views display rules, while the other views
	     display states.

     -w	width
	     Set the width of the display for batch mode.  The default width
	     is	80.

INTERACTIVE MODE
     When pftop	is running in interactive mode,	it reads commands from the
     terminal and acts upon them accordingly.  In this mode, the terminal is
     put in CBREAK, so that a character	will be	processed as soon as it	is
     typed.  The command will be processed and the display will	be updated im-
     mediately thereafter (reflecting any changes that the command may have
     triggered).  If a key is pressed while pftop is in	the middle of updating
     the display, it will finish the update and	then process the command.
     These commands are	currently recognized:

     c	     Enable disable state caching (enabled by default).

     f	     Set the state filter expression.

     h,?     Display a summary of the commands (help screen).

     n	     Set number	of lines to display.

     o	     Select next sorting Order.

     p	     Pause/resume display updates.

     q	     Quit pftop.

     r	     Reverse current sorting order.

     s	     Set display update	interval in Seconds.

     v	     Select next View.

     0-7     Select one	of the views directly.

     Cursor  Scroll display (up/down), and switch views	(left/right).  Most of
	     the emacs/mg motion keys work as well.

     SPACE   Update display immediately.

     CTRL-L  Refresh display.

     CTRL-G  Clear command entry line.

     The following keys	are shortcuts for sorting the display:

     A	     Sort states by Age.

     B	     Sort states by number of Bytes.

     D	     Sort by Destination port.

     E	     Sort states by Expiry time.

     F	     Sort by source address (From).

     K	     Sort by peaK speed	when caching is	enabled.

     N	     No	ordering.

     P	     Sort states by the	number of Packets.

     R	     Sort by instantaneous speed (Rate)	when caching is	enabled.

     S	     Sort by Source port.

     T	     Sort by destination address (To).

STATE FILTERING
     The expression filter selects which states	will be	displayed. It is based
     on	the tcpdump filtering language.	The following is based on the tcpdump
     manual page, modified for state filtering.

     The filter	expression consists of one or more primitives.	Primitives
     usually consist of	an id (name or number) preceded	by one or more quali-
     fiers.  There are three different kinds of	qualifiers:

     type   Specify which kind of address component the	id name	or number
	    refers to.	Possible types are host, net and port.	If there is no
	    type qualifier, host is assumed.

     dir    Specify a the address component (src, dest,	gateway) that id ap-
	    plies. Possible directions are src,	dst, gw, src or	dst, src and
	    dst.  If there is no dir qualifier,	src or dst or gw is assumed.

     proto  Restrict the match to a particular protocol.  Possible protocols
	    are: ah, carp, esp,	icmp, ip, ip6, pfsync, tcp, and	udp.  If there
	    is no protocol qualifier, all protocols consistent with the	type
	    are	assumed.

     In	addition to the	above, there are some special primitive	keywords that
     don't follow the pattern and arithmetic expressions.  All of these	are
     described below.

     More complex filter expressions are built up by using the words and, or,
     and not to	combine	primitives.

     Allowable primitives are:

     dst host host  True if the	IP destination field of	the state is host,
		    which may be either	an address or a	name.

     gw	host host   True if the	IP gateway field of the	state is host.

     src host host  True if the	IP source field	of the state is	host.

     host host	    True if either the IP source or destination	or gateway of
		    the	state is host.	If host	is a name with multiple	IP ad-
		    dresses, each address will be checked for a	match.

     dst net net    True if the	IP destination address of the state has	a net-
		    work number	of net.	 net may be either a name from
		    /etc/networks or a network number (see networks(5) for de-
		    tails).

     gw	net net	    True if the	IP gateway address of the state	has a network
		    number of net.

     src net net    True if the	IP source address of the state has a network
		    number of net.

     net net	    True if either the IP source, destination or gateway ad-
		    dress of the state has a network number of net.

		    Any	of the above host or net expressions can be prepended
		    with the keywords, ip, or ip6.

     dst port port  True if the	packet is IP/TCP or IP/UDP and has a destina-
		    tion port value of port.  The port can be a	number or name
		    from services(5) (see tcp(4) and udp(4)).  If a name is
		    used, both the port	number and protocol are	checked.  If a
		    number or ambiguous	name is	used, only the port number is
		    checked;

     port port	    True if either the source, destination or gateway port of
		    the	state is port.

		    Any	of the above port expressions can be prepended with
		    the	keywords tcp or	udp, as	in:

			  tcp src port port

		    which matches only TCP states whose	source port is port.

     inbound, in    True if the	state has an inbound direction.

     outbound, out  True if the	state has an outbound direction.

     proto proto    True if the	IP protocol type of the	state is proto.	 proto
		    can	be a number or name from protocols(5), such as icmp,
		    udp, or tcp.

     rnr num	    True if the	state was generated with the rule number in
		    the	main ruleset.

     ah, carp esp, icmp, pfsync, tcp, udp
		    Abbreviations for: proto p where p is one of the above
		    protocols.

     expr relop	expr
		    True if the	relation holds,	where relop is one of `>',
		    `<', `>=', `<=', `=', `!=',	and expr is an arithmetic ex-
		    pression composed of integer constants (expressed in
		    standard C syntax),	the normal binary operators (`+', `-',
		    `*', `/', `&', `|'), a length operator, and	special	state
		    data accessors.

		    The	following expressions can be used to access numerical
		    fields inside a state: inp,	and outp return	input and out-
		    put	packet counts.	inb, and outb is for input and output
		    bytes transferred through the state.  age is the seconds
		    since the state is created,	and exp	is the number of sec-
		    onds left before the state expires.

     Primitives	may be combined	using a	parenthesized group of primitives and
     operators.	 Allowable primitives and operators are:

	   Negation ("!" or "not")

	   Concatenation ("&&" or "and")

	   Alternation ("||" or	"or")

     Negation has highest precedence.  Alternation and concatenation have
     equal precedence and associate left to right.

     Expression	arguments must be passed to pftop as a single argument.	Since
     the expression usually contains shell metacharacters, it should be	placed
     in	quotes.

SEE ALSO
     pf(4), pfctl(8), tcpdump(8)

AUTHORS
     Can Erkin Acar

FreeBSD	13.0			March 22, 2002			  FreeBSD 13.0

---

NAME | SYNOPSIS | DESCRIPTION | INTERACTIVE MODE | STATE FILTERING | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pftop&manpath=FreeBSD+13.1-RELEASE+and+Ports>

home | help

---

Legal Notices | © 1995-2023 The FreeBSD Project. All rights reserved.

Contact