命令

  1. # 查看配置文件
  2. sudo vi /etc/pf.conf 
  4. # 关闭
  5. sudo pfctl -d
  7. # 开启+刷新规则
  8. sudo pfctl -evf /etc/pf.conf
  10. # 只刷新  更新规则
  11. sudo pfctl -s rules
  14. # 如何在命令行中刷新 PF 规则/NAT/路由表
  15. pfctl -F all
  19. # 如何在命令行中仅刷新 PF 规则
  20. pfctl -F rules

配置文件

举例一:屏蔽某几个端口的tcp

  3. NoRoutePorts = "{8081,8082, 8042, 8088, 50070}"
  4. ExtIF = "{en0, en5}"
  5. block in quick on $ExtIF proto tcp from any to any port $NoRoutePorts

参考:
https://zhuanlan.zhihu.com/p/44655145
https://man.linuxde.net/pfctl
https://blog.csdn.net/shuishen49/article/details/77587527
https://www.gwduan.com/web/computer/work-env/common/pf.html
https://www.zhihu.com/question/58516863/answer/1321535087
https://man.openbsd.org/pf.conf