IP Filter is a stateful packet-inspecting firewall that ships with FreeBSD and Solaris 10. Stateful packet-inspecting firewalls use a state table to track established connections, which allows packets to traverse the firewall if they are part of an existing established connection. IP Filter comes with the ipfstat(1m) utility, which can be used to print connection statistics, rule definitions, and active connections. When ipfstat(1m) is invoked with the “-t” option (“Show the state table in a way similar to the way the Unix utility, top, shows the process table”), a text-based graphical representation of the firewall's state table is continuously displayed:
$ ipfstat -t
sparky - IP Filter: v4.0.2 - state top 10:47:32
Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes
Source IP Destination IP ST PR #pkts #bytes ttl
12.6.4.12,32776 1.2.5.4,22 B/7 tcp 140 10112 0:00
12.6.4.12,32775 1.2.5.3,22 B/7 tcp 134 9872 0:00
To adjust the refresh interval, an integer value can be passed to ipfstat’s “-T” (Specifies how often the state top display should be updated) option:
$ ipfstat -t -T 10
sparky - IP Filter: v4.0.2 - state top 10:47:32
Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes
Source IP Destination IP ST PR #pkts #bytes ttl
12.6.4.12,32776 1.2.5.4,22 B/7 tcp 140 10112 0:00
12.6.4.12,32775 1.2.5.3,22 B/7 tcp 134 9872 0:00
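The state rows above can also be summarised offline, which helps when checking which hosts hold the most states against which services. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the display text has already been captured and is fed in on stdin.

```shell
#!/bin/sh
# Added example: summarise captured "ipfstat -t" state rows by
# source host and destination service.

# Sample display text, copied from the output shown on this page.
sample_state_top() {
cat <<'EOF'
sparky - IP Filter: v4.0.2 - state top 10:47:32
Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes
Source IP Destination IP ST PR #pkts #bytes ttl
12.6.4.12,32776 1.2.5.4,22 B/7 tcp 140 10112 0:00
12.6.4.12,32775 1.2.5.3,22 B/7 tcp 134 9872 0:00
EOF
}

# Reads state top text on stdin and prints one line per
# (source host, protocol/destination port) pair, largest byte count first:
#   <src-addr> <proto>/<dst-port> <states> <pkts> <bytes>
summarize_state_top() {
    awk '
        # A state row has exactly 7 fields with numeric packet and byte
        # counters; the banner and column-header lines do not match.
        NF == 7 && $5 ~ /^[0-9]+$/ && $6 ~ /^[0-9]+$/ {
            split($1, src, ",")          # "addr,port" -> addr
            split($2, dst, ",")          # "addr,port" -> port
            port = (dst[2] != "") ? dst[2] : "-"   # rows without a port
            key = src[1] " " $4 "/" port
            states[key]++
            pkts[key]  += $5
            bytes[key] += $6
        }
        END {
            for (k in states)
                printf "%s %d %d %d\n", k, states[k], pkts[k], bytes[k]
        }
    ' | sort -k5,5nr
}

# Run against the sample when executed directly.
sample_state_top | summarize_state_top
```

Each output line gives the source address, protocol/destination port, number of states, and the packet and byte totals across those states.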
If you are using the PF firewall, you can use pftop(8) to get a text-based graphical representation of the PF state table:
$ pftop
pfTop: Up State 1-3/3, View: default, Order: none, Cache: 10000 09:37:53
PR DIR SRC DEST STATE AGE EXP PKTS BYTES
tcp Out 192.168.1.8:49359 66.102.15.101:80 ESTABLISHED:ESTABLISHED 19:29:55 04:30:08 5 676
To adjust pftop(8)'s refresh interval, an integer value can be passed to pftop(8)'s “-s” (Set the delay between display updates to time seconds) option:
$ pftop -s 10
pfTop: Up State 1-3/3, View: default, Order: none, Cache: 10000 09:37:53
PR DIR SRC DEST STATE AGE EXP PKTS BYTES
tcp Out 192.168.1.8:49359 66.102.15.101:80 ESTABLISHED:ESTABLISHED 19:29:55 04:30:08 5 676
I find myself frequently using these utilities, and find them super useful!