pfctl cheat sheet


Only those commands, which you will probably require for setting pf up.


Fail2ban has recently switched to using anchors to avoid unnecessary reloading of the whole rule set. That was the first time I had to do with anchors and since I could not figure out a simple way to display the contents of all private tables (which can be described as subtables of anchors), I came up with this solution for my collectd monitoring:

Sample configuration

Problems and Solutions

/usr/local/etc/pf.conf:76: could not parse host specification
check that the interface in line 76 is up and has it’s IP-Address assigned
in case of a tun interface something like ifconfig tun0 alias