OpenBSD cheatsheet

list services / restart a service

rcctl ls all / rcctl restart

configure an interface

sh /etc/netstart wg1

equivalent to netstat -lpentu on Linux

netstat -f inet -t

show routing table

netstat -rn -f inet

dump pf traffic

tcpdump -lenvvvi pflog0

Show logged packets for a specific port (443)

tcpdump -n -e -ttt -r /var/log/pflog port 443

show the currently loaded firewall rules

pfctl -sr

check pf config syntax, but don’t load it

pfctl -nf /etc/pf.conf

Reload pf config

pfctl -f /etc/pf.conf

tracing under openbsd

  • ktrace -f vimtrace.out vim
    This generates a log file with the process trace, which you can then parse with kdump.
  • kdump -f vimtrace.out

add a network route

route add -net 172.16.88.0/22 172.16.88.1

ipsec

Apply ipsec config in isakmpd

After restarting isakmpd you must run:
ipsecctl -F (flushes the old rules)
ipsecctl -f /etc/ipsec.conf

list established flows

ipsecctl -sa

(nothing is listed when the tunnels are down).
A good ipsec guide: https://www.packetmischief.ca/~#isakmpd

When adding a new tunnel, bring it up by loading only that tunnel's config file:

ipsecctl -f /etc/ipsec.conf.exo.ecom-preprod.dk2

If we load the global config instead, it overwrites the existing rules without flushing the active flows.

========

no boot after a corrupted filesystem

fsck_ffs /dev/sd0a
fsck_ffs /dev/sd0k

Run it on all partitions and answer the questions.

lscpu equivalent

dmesg | grep -i cpu

