PF How to show the current and effective rules with pf?

Hi all,

Just a question, not that important, but I can't find a way to do this.
I have a pf ruleset that includes several anchors.
Code:
anchor "a1" all
anchor "a2" all
anchor "a3" all
At some time, an anchor is flushed like this: pfctl -a a1 -F all.
As a result, the rules in this anchor don't apply to pf anymore.

I would like to know how to see that. I mean the fact that this anchor is no longer active.

I tried:
pfctl -s rules
pfctl -s Anchors
These commands make no difference between a flushed and a still active anchor.
 
pfctl -a a1 -s rules would return nothing if the a1 anchor is empty.
 
pfctl -a a1 -s rules would return nothing if the a1 anchor is empty.
True. But I have to test all my anchors in order to have a global view. However, this can be done in a script.

I wrote this:
Code:
#! /bin/sh

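# List the anchors attached to the main ruleset
anc=$(pfctl -s Anchors)
for a in $anc
do
        # An anchor with no rules loaded (e.g. after a flush) prints nothing
        r=$(pfctl -a "$a" -s rules)
        e="$a :"
        if [ -z "$r" ]
        then
                e="$e Off"
        else
                e="$e ON"
        fi
        echo "$e"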
done
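
An added example, not part of the original thread: the same check extended to nested anchors, since `pfctl -s Anchors` on its own lists only the anchors attached directly to the main ruleset and `-v` makes the listing recursive. The function names `anchor_state` and `report_anchors` are made up for this sketch; it assumes `pfctl` is on the PATH and is run with sufficient privileges.

```shell
#!/bin/sh
# Added example (not from the thread): ON/Off status for every pf anchor,
# including anchors nested below other anchors.

# anchor_state NAME
# Prints "ON" if the anchor currently holds filter rules, "Off" if it is
# empty (for instance after "pfctl -a NAME -F all").
anchor_state() {
        if [ -n "$(pfctl -a "$1" -s rules 2>/dev/null)" ]
        then
                echo ON
        else
                echo Off
        fi
}

# report_anchors
# Prints one "name : state" line per anchor. With -v, "-s Anchors" lists
# anchors recursively, so a path such as a2/inner is checked as well.
report_anchors() {
        pfctl -v -s Anchors 2>/dev/null | while read -r a
        do
                # read strips pfctl's leading indentation; skip blank lines
                [ -n "$a" ] || continue
                echo "$a : $(anchor_state "$a")"
        done
}
```

Call `report_anchors` at the end of the script to print the list. An empty anchor that should be loaded stands out as `Off`, which makes the output easy to compare against an expected baseline from cron or a monitoring check.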
 