commit 9c2afa13b94867593a343682d9e4501b1a249a69 from: smytht via: GitHub date: Wed Oct 30 00:49:52 2024 UTC Fix flush pf commands and improve flush documentation flush nat and flush queues dont work, added in new flush commands to match pfctl -F [modifier] commit - 34841712b18142cef2d1307f14a58d87f0fa14eb commit + 9c2afa13b94867593a343682d9e4501b1a249a69 blob - 5287c97ee9c9f53122b0ca88867d57acadfbe2da blob + a556771cdc34704135f0b7713b033d1999601181 --- commands.c +++ commands.c @@ -169,13 +169,14 @@ static struct fpf { char *cmd; char *arg; } fpfs[] = { - { "all", "all PF elements", PFCTL, "-Fall" }, - { "nat", "NAT rules", PFCTL, "-Fnat" }, - { "queue", "queue rules", PFCTL, "-Fqueue" }, - { "filter", "filter rules", PFCTL, "-Frules" }, - { "states", "NAT/filter states", PFCTL, "-Fstate" }, - { "stats", "PF statistics", PFCTL, "-Finfo" }, - { "tables", "PF address tables", PFCTL, "-FTables" }, + { "all", "all PF elements", PFCTL, "-Fall" }, + { "filter", "filter rules", PFCTL, "-Frules" }, + { "os-fingerprint", "passive OS detection fingerprints", PFCTL, "-Fosfp" }, + { "reset", "limits, timeouts and options", PFCTL, "-FReset" }, + { "source-table", "source tracking table", PFCTL, "-FSources" }, + { "states", "NAT/filter states", PFCTL, "-Fstate" }, + { "stats", "info and stats", PFCTL, "-Finfo" }, + { "tables", "PF address tables", PFCTL, "-FTables" }, { 0, 0, 0, 0 } }; blob - 110dc23caec6958d0d55b5dfc9129ff2477c9467 blob + 9a7ff7a37a3389046cca788ad7e2fe1d714f16dc --- nsh.8 +++ nsh.8 
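Review bot: The `all` and `filter` rows in `fpfs[]` run `pfctl -Fall` and `-Frules`, which empty the loaded ruleset, and pf's default action when no rule matches is to pass, so either command leaves the host unfiltered until rules are reloaded; neither the help strings nor a comment says so. I would add a comment above the table such as `/* "all" and "filter" remove the loaded ruleset; with no rules pf passes traffic until rules are reloaded */`. The new `reset` row could say `"limits, timeouts and options (back to defaults)"`, because `-FReset` also discards any tuned state limits and timeouts. Whether the caller asks for confirmation or reloads rules afterwards is not visible in this hunk, and the `struct fpf` definition starts outside it.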
@@ -3660,23 +3660,56 @@ command in order to save any variables which were set unprivileged mode. .Pp .Tg flush +.Tg reset +.Tg kill .Ic flush .Op routes | arp | ndp | line | bridge-dyn | bridge-all | bridge-rule | pf | history |\&? | help .Pp -Clear various system tables. +Clear various system tables, from +.Ox +systems such as +.Xr bridge 4 +or, +.Xr pf 4 +or, +.Xr route 4 +or, +.Xr arp 8 +or, +.Xr ndp 8 . +.Bd -literal -offset indent +nsh(p)/flush ? +% Commands may be abbreviated. +% 'flush' commands are: + + routes IP routes + arp ARP cache + ndp NDP cache + line Active user + bridge-dyn Dynamically learned bridge addresses + bridge-all Dynamic and static bridge addresses + bridge-rule Layer 2 filter rules for a bridge member port + pf pf NAT/filter/queue rules, states, tables + history Command history + ? Options +.Ed .Pp +.Tg route .Ic flush routes .Pp Clear the system routing table. .Pp +.Tg arp .Ic flush arp .Pp Clear the system arp cache and static arp table. .Pp +.Tg ndp .Ic flush ndp .Pp Clear the system NDP cache and static NDP table. .Pp +.Tg bridge .Ic flush bridge-dyn .Ar bridge-name .Pp @@ -3689,6 +3722,7 @@ Delete all dynamically learned members from bridge0. Note! any members set manually (static members) are not removed by this command. .Pp +.Tg bridge .Ic flush bridge-all .Ar bridge-name .Pp @@ -3697,6 +3731,7 @@ Clear dynamically and statically learned members from nsh/flush bridge-all bridge0 .Ed .Pp +.Tg bridge .Ic flush bridge-rule .Ar bridge-name .Ar interface-name 
@@ -3706,10 +3741,36 @@ Clear all rules on the named bridge on the named inter nsh/flush bridge-rule bridge0 vether0 .Ed .Pp +.Tg history .Ic flush history .Pp Clear the command history .Pp +.Tg pf +.Tg flush +.Ic flush +.Op all | filter | os-fingerprint | reset | source-table |\ +states | stats | tables +.Pp +Clear or reset various aspects of PF firewall states. +The Flush commands implement the +.Ox +.Xr pfctl 8 +command with the -F switch and various arguments to specify +the property in PF you wish to flush. +.Bd -literal -offset indent +nsh(p)/flush pf ? +% Arguments may be abbreviated + + flush pf all all PF elements flush + flush pf filter filter rules flush + flush pf os-fingerprint passive OS detection fingerprints flush + flush pf reset limits, timeouts and options flush + flush pf source-table source tracking table flush + flush pf states NAT/filter states flush + flush pf stats info and stats flush + flush pf tables PF address tables flush +.Ed .Tg route .Op no .Ic route