PF.CONF(5) - File Formats Manual
NAME # pf.conf - packet filter configuration file
DESCRIPTION # The pf(4) packet filter modifies, drops, or passes packets according to rules or definitions specified in pf.conf.
This is an overview of the sections in this manual page:
PACKET FILTERING including network address translation (NAT).
OPTIONS globally tune the behaviour of the packet filtering engine.
QUEUEING provides rule-based bandwidth and traffic control.
...
PFLOG(4) - Device Drivers Manual
NAME # pflog - packet filter logging interface
SYNOPSIS # pseudo-device pflog
DESCRIPTION # The pflog interface is a pseudo-device which makes visible all packets logged by the packet filter, pf(4). Logged packets can easily be monitored in real time by invoking tcpdump(8) on the pflog interface, or stored to disk using pflogd(8).
The pflog0 interface is created automatically at boot if both pf(4) and pflogd(8) are enabled; further instances can be created using ifconfig(8).
...
PFLOGD(8) - System Manager’s Manual
NAME # pflogd - packet filter logging daemon
SYNOPSIS # pflogd [-Dx] [-d delay] [-f filename] [-i interface] [-s snaplen] [expression]
DESCRIPTION # pflogd is a background daemon which reads packets logged by pf(4) to a pflog(4) interface, normally pflog0, and writes the packets to a logfile (normally /var/log/pflog) in tcpdump(8) binary format. These logs can be reviewed later using the -r option of tcpdump(8), hopefully offline in case there are bugs in the packet parsing code of tcpdump(8).
...
SPAMLOGD(8) - System Manager’s Manual
NAME # spamlogd - spamd whitelist updating daemon
SYNOPSIS # spamlogd [-DI] [-i interface] [-l pflog_interface] [-W whiteexp] [-Y synctarget]
DESCRIPTION # spamlogd manipulates the spamd(8) database in /var/db/spamd used for greylisting. spamlogd updates the /var/db/spamd whitelist entries whenever a connection to port 25 is logged to the pflog(4) interface. The source addresses of inbound connections are whitelisted when seen by spamlogd to ensure that their entries in /var/db/spamd do not expire if the connecting host continues to send legitimate mail.
...