pfTop
pfTop is available from the GUI and the console menu. It offers live views of the firewall ruleset, state table information, and related statistics.
pfTop in the GUI
The GUI page for pfTop is at Diagnostics > pfTop. The GUI offers several options to control the output:
- View
Controls the type of output displayed by pfTop. Not all views will contain meaningful information for every firewall configuration.
- Default
Shows a balanced amount of information, based around the source and destination of the traffic.
- Label
Centered around firewall rule descriptions.
- Long
Similar to the default view, but tailored for wider displays with longer rows for more columns of information. Shows the gateway after the destination.
- Queue
Shows the ALTQ traffic shaping queues and their usage.
- Rules
Shows firewall rules and their usage.
- Size
Shows states that have passed the most data.
- Speed
Shows states that have high-rate traffic.
- State
Shows status of states.
- Time
Shows long-lived states.
- Filter Expression
An expression used to match groups of states to include in the output.
The expression can include several different types of filtering, such as:
Filter by protocol:
proto <ip|ip6|ah|carp|esp|icmp|ipv6-icmp|pfsync|tcp|udp>
Filter by address:
[src|dst|gw] [host|net|port] <host/network/port>
Filter by direction:
[in|out]
- Sort By
Some views can be sorted. When sorting is possible, the following sort methods are available. When selected, the view is sorted by the chosen column in descending order:
- None
No sorting, the natural order shown by the chosen view.
- Age
The age of the states.
- Bytes
The amount of data sent matching the state.
- Destination Address
The destination IP address of the state.
- Destination Port
The destination port number of the state.
- Expiry
The expiration time of the state. This is the countdown timer until the state will be removed if no more data matches the state.
- Peak
The peak rate of traffic matching a state in packets per second.
- Packet
The number of packets transferred matching a state.
- Rate
The current rate of traffic matching a state in packets per second.
- Size
The total amount of traffic that has matched a state.
- Source Port
The source port number of the state.
- Source Address
The source IP address of the state.
- Maximum # of States
On views that support sorting, this option limits the number of state entries shown on the page.
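The three Filter Expression forms listed above can be checked before they are pasted into the GUI or a runbook. The following is an added example, not code from pfTop or pfSense: a hypothetical `parse_primitive` helper that classifies a single primitive and rejects anything outside the forms shown on this page. It is deliberately stricter than pfTop itself, as an assumption of the example: it requires the host/net/port keyword, numeric ports, and literal IP addresses.

```python
import ipaddress

# Protocol names copied from the "Filter by protocol" line on this page.
PROTOS = {"ip", "ip6", "ah", "carp", "esp", "icmp", "ipv6-icmp",
          "pfsync", "tcp", "udp"}
SIDES = {"src", "dst", "gw"}      # optional qualifier
KINDS = {"host", "net", "port"}   # required by this checker (assumption)


def parse_primitive(expr):
    """Classify one filter primitive; raise ValueError if it does not fit."""
    words = expr.split()
    if not words:
        raise ValueError("empty expression")
    if words[0] == "proto":
        if len(words) != 2 or words[1] not in PROTOS:
            raise ValueError(f"unknown protocol in {expr!r}")
        return {"type": "proto", "value": words[1]}
    if words[0] in ("in", "out"):
        if len(words) != 1:
            raise ValueError(f"unexpected text after direction in {expr!r}")
        return {"type": "direction", "value": words[0]}
    side = words.pop(0) if words[0] in SIDES else None
    if len(words) != 2 or words[0] not in KINDS:
        raise ValueError(f"expected host|net|port <value> in {expr!r}")
    kind, raw = words
    if kind == "port":
        if not (raw.isascii() and raw.isdigit()) or not 0 < int(raw) <= 65535:
            raise ValueError(f"bad port {raw!r}")
        value = int(raw)
    elif kind == "host":
        value = str(ipaddress.ip_address(raw))      # ValueError if malformed
    else:
        # strict=True rejects networks with host bits set, e.g. 192.0.2.1/24
        value = str(ipaddress.ip_network(raw, strict=True))
    return {"type": "address", "side": side, "kind": kind, "value": value}


if __name__ == "__main__":
    # Constructed sample expressions using documentation address ranges.
    for sample in ("proto tcp", "dst port 443", "src net 192.0.2.0/24",
                   "gw host 203.0.113.1", "in", "proto gre", "dst port 70000"):
        try:
            print(f"{sample:24} -> {parse_primitive(sample)}")
        except ValueError as err:
            print(f"{sample:24} -> rejected: {err}")
```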
pfTop on the Console
To access pfTop from the console or via ssh, use option 9 from the menu or run pftop from a shell prompt.
While viewing pfTop in this way, there are several methods to alter the view while watching its output.
The most common options are:
- Press h to see a help screen that explains the available choices.
- Press 0 through 8 to select different views.
- Press space for an immediate update.
- Press q to quit.
See the previous section for details on the meaning of the available views and sort orders.
The output is dynamically sized to the terminal width, with wider terminals showing much more information in additional columns.