分类: BSD

2008-05-19 17:58:04

     -s modifier
             Show the filter parameters specified by modifier (may be abbrevi-

             -s nat         Show the currently loaded NAT rules.
             -s queue       Show the currently loaded queue rules.  When used
                            together with -v, per-queue statistics are also
                            shown.  When used together with -v -v, pfctl will
                            loop and show updated queue statistics every five
                            seconds, including measured bandwidth and packets
                            per second.
             -s rules       Show the currently loaded filter rules.  When used
                            together with -v, the per-rule statistics (number
                            of evaluations, packets and bytes) are also shown.
                            Note that the ``skip step'' optimization done
                            automatically by the kernel will skip evaluation
                            of rules where possible.  Packets passed state-
                            fully are counted in the rule that created the
                            state (even though the rule isn't evaluated more
                            than once for the entire connection).
             -s Anchors     Show the currently loaded anchors directly
                            attached to the main ruleset.  If -a anchor is
                            specified as well, the anchors loaded directly
                            below the given anchor are shown instead.  If -v
                            is specified, all anchors attached under the tar-
                            get anchor will be displayed recursively.
             -s state       Show the contents of the state table.
             -s Sources     Show the contents of the source tracking table.
             -s info        Show filter information (statistics and counters).
                            When used together with -v, source tracking sta-
                            tistics are also shown.
             -s labels      Show per-rule statistics (label, evaluations,
                            packets total, bytes total, packets in, bytes in,
                            packets out, bytes out) of filter rules with
                            labels, useful for accounting.
             -s timeouts    Show the current global timeouts.
             -s memory      Show the current pool memory hard limits.
             -s Tables      Show the list of tables.
             -s osfp        Show the list of operating system fingerprints.
             -s Interfaces  Show the list of interfaces and interface drivers
                            available to PF.  When used together with -v, it
                            additionally lists which interfaces have skip
                            rules activated.  When used together with -vv,
                            interface statistics are also shown.  -i can be
                            used to select an interface or a group of inter-
             -s all         Show all of the above, except for the lists of
                            interfaces and operating system fingerprints.
