PF(4) - Device Drivers Manual
NAME # pf - packet filter
SYNOPSIS # pseudo-device pf
DESCRIPTION # Packet filtering takes place in the kernel. A pseudo-device, /dev/pf, allows userland processes to control the behavior of the packet filter through an ioctl(2) interface. There are commands to enable and disable the filter, load rulesets, add and remove individual rules or state table entries, and retrieve statistics.
...
PFLOG(4) - Device Drivers Manual
NAME # pflog - packet filter logging interface
SYNOPSIS # pseudo-device pflog
DESCRIPTION # The pflog interface is a pseudo-device which makes visible all packets logged by the packet filter, pf(4). Logged packets can easily be monitored in real time by invoking tcpdump(8) on the pflog interface, or stored to disk using pflogd(8).
The pflog0 interface is created automatically at boot if both pf(4) and pflogd(8) are enabled; further instances can be created using ifconfig(8).
...
PFLOGD(8) - System Manager’s Manual
NAME # pflogd - packet filter logging daemon
SYNOPSIS # pflogd [-Dx] [-d delay] [-f filename] [-i interface] [-s snaplen] [expression]
DESCRIPTION # pflogd is a background daemon which reads packets logged by pf(4) to a pflog(4) interface, normally pflog0, and writes the packets to a logfile (normally /var/log/pflog) in tcpdump(8) binary format. These logs can be reviewed later using the -r option of tcpdump(8), hopefully offline in case there are bugs in the packet parsing code of tcpdump(8).
...
SPAMLOGD(8) - System Manager’s Manual
NAME # spamlogd - spamd whitelist updating daemon
SYNOPSIS # spamlogd [-DI] [-i interface] [-l pflog_interface] [-W whiteexp] [-Y synctarget]
DESCRIPTION # spamlogd manipulates the spamd(8) database in /var/db/spamd used for greylisting. spamlogd updates the /var/db/spamd whitelist entries whenever a connection to port 25 is logged to the pflog(4) interface. The source addresses of inbound connections are whitelisted when seen by spamlogd to ensure that their entries in /var/db/spamd do not expire if the connecting host continues to send legitimate mail.
...
TCPDUMP(8) - System Manager’s Manual
NAME # tcpdump - dump traffic on a network
SYNOPSIS # tcpdump [-AadefILlNnOopqStvXx] [-B fildrop] [-c count] [-D direction] [-E [espalg:]espkey] [-F file] [-i interface] [-r file] [-s snaplen] [-T type] [-w file] [-y datalinktype] [expression]
DESCRIPTION # tcpdump prints out the headers of packets on a network interface that match the boolean expression. You must have read access to /dev/bpf.
...