pfctl.8: mention -k source -k <IP>

Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost
2026-01-10 10:43:09 +01:00
parent 63d5d1b0b3
commit 398ca30cb6
+7 -2
View File
@@ -43,7 +43,7 @@
.Op Fl K Ar host | network
.Xo
.Oo Fl k
.Ar host | network | label | id | gateway | nat
.Ar host | network | label | id | gateway | source | nat
.Oc Xc
.Op Fl o Ar level
.Op Fl p Ar device
@@ -281,7 +281,7 @@ option may be specified, which will kill all the source tracking
entries from the first host/network to the second.
.It Xo
.Fl k
.Ar host | network | label | id | key | gateway | nat
.Ar host | network | label | id | key | gateway | source | nat
.Xc
Kill all of the state entries matching the specified
.Ar host ,
@@ -290,6 +290,7 @@ Kill all of the state entries matching the specified
.Ar id ,
.Ar key ,
.Ar gateway,
.Ar source ,
or
.Ar nat.
.Pp
@@ -374,6 +375,10 @@ States can also be killed based on their pre-NAT address:
.Pp
.Dl # pfctl -k nat -k 192.168.0.1
.Pp
To remove a source from a source limiter use:
.Pp
.Dl # pfctl -I 1 -k source -k 192.0.2.2
.Pp
.It Fl M
Kill matching states in the opposite direction (on other interfaces) when
killing states.