pfconfig - Configure packet filter parameters
/usr/sbin/pfconfig [+/-p[romisc]] [+/-c[opyall]] [-b[acklog]
nnn] [-a[ll]] [interface-name...]
The pfconfig command allows the system manager to configure
certain parameters of the packet filter driver (see
packetfilter(7)). These parameters are configured separately
for each interface; the interfaces are specified by
name on the command line (for example, ln0, and ni1). If
more than one interface is specified, they are all given
the same settings. Alternatively, you can specify -all to
configure all the packet-filter interfaces on the system.
You can set the following parameters with pfconfig: Allows
packet filter users to set the interface into promiscuous
mode (receives all packets). Whenever there is at least
one packet filter descriptor open with the ENPROMISC mode
bit set, the interface is put into promiscuous mode. When
no such descriptors are in use, the interface is returned
to normal mode. The interface is no longer put into
promiscuous mode on behalf of packet filter users; if the
interface is in promiscuous mode when this command is
given, it is returned to normal mode. (The superuser may
use ifconfig(8) to control promiscuous mode, overriding
the mode set by non-superusers. This is the default setting.)
Allows packet filter users to set the interface
into copy-all mode (receives packets sent/received by the
kernel-resident protocol software [for example, IP, ARP,
DECnet, LAT] on this host). Whenever there is at least one
packet filter descriptor open with the ENCOPYALL mode bit
set, the interface is put into copy-all mode. When no
such descriptors are in use, the interface is returned to
normal mode. The interface is no longer put into copy-all
mode on behalf of packet filter users; if the interface is
in copy-all mode when this command is given, it is
returned to normal mode. (The superuser may use ifconfig(8) to control copy-all mode, overriding the mode set
by non-superusers. This is the default setting.) Sets the
maximum backlog (packet filter input queue length) for
non-superuser descriptors to the specified number. When a
descriptor is opened, it is given a queue length limit of
two. An application can increase this backlog using the
EIOCSETW ioctl request. Superusers are allowed to
increase their backlog up to a system-wide maximum; nonsuperusers
are allowed to increase their backlog only up
to the maximum set by this program. Note that allowing
too large a backlog may result in vast amounts of kernel
memory being tied up in the packet filter driver queues.
If no configuration parameters are specified, the
pfconfig command displays the current packet filter
configuration for the network interfaces.
Only the superuser may use this command to change
the configuration.
PACKETFILTER option is not built into the running kernel
Explanation:
Packetfilter support is not built into the kernel.
Reconfigure the kernel with the packetfilter
option. pfopen: xxx: No such device
Explanation:
The specified network device does not exist on the
system, or no pfilt minor devices exist in the
/dev/pf directory. pfconfig: your system may not
be properly configured; see "man packetfilter"
Explanation:
No pfilt minor devices exist in the /dev/pf directory.
pfconfig: either network interface 'xxx' is
down, or your system may not be properly configured;
see "man packfilter"
Explanation:
The specified network device is not up and running.
pfconfig: either all of your network interfaces are
down, or your system may not be properly configured;
see "man packfilter"
Explanation:
No network devices are up and running.
Commands: intro(1), netstat(1), pfstat(1), ifconfig(8)
Files: inet.local(4), bpf(7), packetfilter(7)
pfconfig(8)
[ Back ] |
