pfctl -s state output explanation

Can anybody tell me where I can find a full explanation of pfctl -s state output?

Code:
all tcp 192.168.0.123:22 <- 192.168.0.234:38095 ESTABLISHED:ESTABLISHED

What does the direction mean, and which TCP info is available, like ESTABLISHED:ESTABLISHED and so on?

Good day to you.
 
I'd start with getting to know TCP/IP. Once you know how that works the information pfctl(8) presents will be clear.
 
I know TCP/IP; I didn't understand the representation. I read on a mailing list that the arrows stand for: -> for outgoing to firewall from interface and <- for incoming to firewall from interface.

What does value1:value2 represent? In the example it is (ESTABLISHED:ESTABLISHED). What does value1 represent, and what does value2 represent?

Also, what are the valid state table states?

I saw these TCP states:
-----------------------
SINGLE
MULTIPLE
LISTEN
SYN_SENT
SYN_RECEIVED
ESTABLISHED
CLOSE_WAIT
LAST_ACK
FIN_WAIT_1
CLOSING
FIN_WAIT_2
TIME_WAIT


are used. But what are NO_TRAFFIC and SINGLE:MULTIPLE used for? Are there any other states that I did not write here?
 
If you're versed in things like the three-way handshake (SYN, SYN/ACK, ACK) and how that establishes a state, the statelessness of UDP, how timed-out states get torn down (FIN, FIN/ACK, ACK) after an inactivity time-out (FIN/WAIT, CLOSE/WAIT, CLOSING ...) etcetera, it should be no secret what these terms mean. So SirDice's reply about having to understand TCP/IP basics and terminology is simply the correct answer. One is impossible to understand (and explain) without knowledge of the other.
 
That's a connection from 192.168.0.234:38095 to 192.168.0.123:22 that's fully established (three-way handshake completed and state set up). Given the port (ssh, tcp/22) that's pretty logical.
 
A lot of them are the basic TCP session states. The rest is housekeeping. The state table stores information about connections, return traffic, NAT translations etc. I rarely look at it.
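
Added example, not part of the thread: a small Python parser for lines laid out like the one in the question, reading `<-` the way the reply above does (the right-hand endpoint connected to the left-hand one). Treating `->` as the mirror case, the function names, and every sample line after the first are assumptions made for illustration; lines in any other layout are returned as skipped, and the state pair is kept in printed order without interpretation.

```python
import re

# Layout of the line shown in the question:
#   IFACE PROTO ENDPOINT <-|-> ENDPOINT STATE:STATE
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)\s+(?P<arrow><-|->)\s+"
    r"(?P<right>\S+)\s+(?P<state1>[A-Z0-9_]+):(?P<state2>[A-Z0-9_]+)\s*$"
)

def parse_state(line):
    """Return a dict for one state line, or None if the layout differs."""
    m = STATE_RE.match(line.strip())
    if m is None:
        return None
    e = m.groupdict()
    # "<-": the right-hand endpoint opened the connection to the left-hand one
    # (the reading given in the thread). "->" is assumed to be the mirror case.
    if e["arrow"] == "<-":
        e["initiator"], e["responder"] = e["right"], e["left"]
    else:
        e["initiator"], e["responder"] = e["left"], e["right"]
    e["states"] = (e["state1"], e["state2"])  # printed order, kept uninterpreted
    return e

def summarize(lines):
    """Group parsed entries by responder; collect lines that did not parse."""
    by_responder, skipped = {}, []
    for line in lines:
        e = parse_state(line)
        if e is None:
            skipped.append(line)
            continue
        by_responder.setdefault(e["responder"], []).append((e["initiator"], e["states"]))
    return by_responder, skipped

def not_fully_established(lines):
    """TCP entries whose pair is anything other than ESTABLISHED:ESTABLISHED."""
    entries = (parse_state(l) for l in lines)
    return [e for e in entries
            if e and e["proto"] == "tcp" and e["states"] != ("ESTABLISHED", "ESTABLISHED")]

# First line is from the thread; the rest are constructed sample input.
SAMPLE = """\
all tcp 192.168.0.123:22 <- 192.168.0.234:38095       ESTABLISHED:ESTABLISHED
all tcp 192.168.0.123:22 <- 192.168.0.77:50122       FIN_WAIT_2:FIN_WAIT_2
all udp 192.168.0.123:53012 -> 192.168.0.1:53       MULTIPLE:SINGLE
this line is not a state entry
""".splitlines()
```

Calling `summarize(SAMPLE)` groups the two ssh entries under `192.168.0.123:22`, and `not_fully_established(SAMPLE)` returns only the constructed FIN_WAIT_2 entry.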
 