commit - 94e2f9700de638cd21a4fe0aa58bf6254215ae02
commit + 8c06089ad5cd59aaaad887949808bd94a1c77ffb
blob - 58e53e15ac18acf7bfeb34903c17c935f6a4da37
blob + 323d14763a6873206162aeb3cc27a2a996d719f3
--- commands.c
+++ commands.c
char *cmd;
char *arg;
} fpfs[] = {
- { "all", "all PF elements", PFCTL, "-Fall" },
- { "nat", "NAT rules", PFCTL, "-Fnat" },
- { "queue", "queue rules", PFCTL, "-Fqueue" },
- { "filter", "filter rules", PFCTL, "-Frules" },
- { "states", "NAT/filter states", PFCTL, "-Fstate" },
- { "stats", "PF statistics", PFCTL, "-Finfo" },
- { "tables", "PF address tables", PFCTL, "-FTables" },
+ { "all", "all PF elements", PFCTL, "-Fall" },
+ { "filter", "filter rules", PFCTL, "-Frules" },
+ { "os-fingerprint", "passive OS detection fingerprints", PFCTL, "-Fosfp" },
+ { "reset", "limits, timeouts and options", PFCTL, "-FReset" },
+ { "source-table", "source tracking table", PFCTL, "-FSources" },
+ { "states", "NAT/filter states", PFCTL, "-Fstate" },
+ { "stats", "info and stats", PFCTL, "-Finfo" },
+ { "tables", "PF address tables", PFCTL, "-FTables" },
{ 0, 0, 0, 0 }
};
blob - 110dc23caec6958d0d55b5dfc9129ff2477c9467
blob + 9a7ff7a37a3389046cca788ad7e2fe1d714f16dc
--- nsh.8
+++ nsh.8
unprivileged mode.
.Pp
.Tg flush
+.Tg reset
+.Tg kill
.Ic flush
.Op routes | arp | ndp | line | bridge-dyn | bridge-all | bridge-rule | pf | history |\&? | help
.Pp
-Clear various system tables.
+Clear various system tables, from
+.Ox
+systems such as
+.Xr bridge 4
+or,
+.Xr pf 4
+or,
+.Xr route 4
+or,
+.Xr arp 8
+or,
+.Xr ndp 8 .
+.Bd -literal -offset indent
+nsh(p)/flush ?
+% Commands may be abbreviated.
+% 'flush' commands are:
+
+ routes IP routes
+ arp ARP cache
+ ndp NDP cache
+ line Active user
+ bridge-dyn Dynamically learned bridge addresses
+ bridge-all Dynamic and static bridge addresses
+ bridge-rule Layer 2 filter rules for a bridge member port
+ pf pf NAT/filter/queue rules, states, tables
+ history Command history
+ ? Options
+.Ed
.Pp
+.Tg route
.Ic flush routes
.Pp
Clear the system routing table.
.Pp
+.Tg arp
.Ic flush arp
.Pp
Clear the system arp cache and static arp table.
.Pp
+.Tg ndp
.Ic flush ndp
.Pp
Clear the system NDP cache and static NDP table.
.Pp
+.Tg bridge
.Ic flush bridge-dyn
.Ar bridge-name
.Pp
Note! any members set manually (static members) are not removed by this
command.
.Pp
+.Tg bridge
.Ic flush bridge-all
.Ar bridge-name
.Pp
nsh/flush bridge-all bridge0
.Ed
.Pp
+.Tg bridge
.Ic flush bridge-rule
.Ar bridge-name
.Ar interface-name
nsh/flush bridge-rule bridge0 vether0
.Ed
.Pp
+.Tg history
.Ic flush history
.Pp
Clear the command history
.Pp
+.Tg pf
+.Tg flush
+.Ic flush
+.Op all | filter | os-fingerprint | reset | source-table |\
+states | stats | tables
+.Pp
+Clear or reset various aspects of PF firewall states.
+The Flush commands implement the
+.Ox
+.Xr pfctl 8
+command with the -F switch and various arguments to specify
+the property in PF you wish to flush.
+.Bd -literal -offset indent
+nsh(p)/flush pf ?
+% Arguments may be abbreviated
+
+ flush pf all all PF elements flush
+ flush pf filter filter rules flush
+ flush pf os-fingerprint passive OS detection fingerprints flush
+ flush pf reset limits, timeouts and options flush
+ flush pf source-table source tracking table flush
+ flush pf states NAT/filter states flush
+ flush pf stats info and stats flush
+ flush pf tables PF address tables flush
+.Ed
.Tg route
.Op no
.Ic route
blob - 55b1db41f6a01e2538fa98f9c60c2ecb12f1ca21
blob + 46c0cbc888cba689a4d9d7c951e338cfd92120e2
--- scripts/nshrc/test/flush-test.nshrc
+++ scripts/nshrc/test/flush-test.nshrc
flush bridge-all bridge101
flush pf all
flush pf filter
+flush pf os-fingerprint
+flush pf reset
+flush pf source-table
flush pf states
flush pf stats
flush pf tables
