The npfctl command can be used to control the NPF packet filter. For a description of NPF's configuration file, see npf.conf(5).
The first argument, command, specifies the action to take. Valid commands are:
start
Enable packet inspection using the currently loaded configuration, if any. Note that this command does not load or reload the configuration.
stop
Disable packet inspection. This command does not change the currently loaded configuration.
reload [path]
Load or reload configuration from file. The configuration file at /etc/npf.conf will be used unless a file is specified by path. The reload operation (i.e., replacing the ruleset) is atomic.
flush
Flush configuration. That is, remove all rules and tables. This command does not disable packet inspection.
table tid
List all entries in the currently loaded table specified by tid. Fail if tid does not exist.
table tid <addr/mask>
Query the table tid for a specific IPv4 CIDR, specified by addr/mask. If no mask is specified, a single host is assumed.
table tid [add | rem] <addr/mask>
In table tid, add or remove the IPv4 CIDR specified by <addr/mask>.