Netgate is offering COVID-19 aid for pfSense software users, learn more.
Viewing States with pfTop¶
pfTop is available from the GUI and the system console menu, and offers live views of the firewall ruleset, state table information, and related statistics.
pfTop in the GUI¶
In the GUI, pfTop can be found at Diagnostics > pfTop. The GUI offers several options to control the output:
Controls the type of output displayed by pfTop. Not all views will contain meaningful information for every firewall configuration.
Shows a balanced amount of information, based around the source and destination of the traffic.
Centered around firewall rule descriptions.
Similar to the default view, but tailored for wider displays with longer rows for more columns of information. Shows the gateway after the destination.
Shows the ALTQ traffic shaping queues and their usage.
Shows firewall rules and their usage.
Shows states that have passed the most data.
Shows states that have high-rate traffic.
Shows status of states.
Shows long-lived states.
- Sort By
Some views can be sorted. When sorting is possible, the following sort methods are available. When selected, the view is sorted by the chosen column in descending order:
No sorting, the natural order shown by the chosen view.
The age of the states.
The amount of data sent matching states.
- Destination Address
The destination IP address of the state.
- Destination Port
The destination port number of the state.
The expiration time of the state. This is the countdown timer until the state will be removed if no more data matches the state.
The peak rate of traffic matching a state in packets per second.
The number of packets transferred matching a state.
The current rate of traffic matching a state in packets per second.
The total amount of traffic that has matched a state.
- Source Port
The source port number of the state.
- Source Address
The source IP address of the state.
- Maximum # of States
On views that support sorting, this option limits the number of state entries shown on the page.
pfTop on the Console¶
To access pfTop from the console or via ssh, use option
9 from the menu or
pftop from a shell prompt.
While viewing pfTop in this way, there are several methods to alter the view
while watching its output. Press
h to see a help screen that explains the
available choices. The most common uses are using
8 to select
space for an immediate update, and
q to quit. See the
previous section for details on the meaning of the available views and sort
The output is dynamically sized to the terminal width, with wider terminals showing much more information in additional columns.