# Determine the state of PF firewall without modifying it



## brant (Jun 2, 2014)

Hi.

I want to be able to determine the state of the PF firewall. So far, using pfctl, I have been able to enable and disable the pf firewall and in doing so I can see the state of the firewall. However, I would like to be able to check to see if it is running before I turn it on.

Also, I would like to be able to add rules to the PF firewall and then remove my rules without modifying the other rules.

Is such a thing possible?

I'm looking to do this from a software program. I'm thinking I would do this by invoking pfctl from my program.


----------



## SirDice (Jun 2, 2014)

brant said:

> I want to be able to determine the state of the PF firewall. So far, using pfctl, I have been able to enable and disable the pf firewall and in doing so I can see the state of the firewall. However, I would like to be able to check to see if it is running before I turn it on.


`pfctl -s info`



> Also, I would like to be able to add rules to the PF firewall and then remove my rules without modifying the other rules.
> Is such a thing possible?


Yes, have a look at anchor in pf.conf(5).


----------



## kpa (Jun 2, 2014)

You can parse the status information from the output of `pfctl -s info`. It's quite a clumsy way to do it, but unfortunately pfctl(8) doesn't have any options to produce machine-readable output. The output will be something like:


```
INFO:
Status: Disabled for 0 days 00:00:09          Debug: Urgent
```


----------
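Added example, not part of any post in this thread: one way a program could parse the `Status:` line from `pfctl -s info` without changing firewall state. The names `PfStatus`, `parse_pf_info` and `query_pf` are hypothetical, the `/sbin/pfctl` path is an assumption, and the sample text is constructed from the output format shown above.

```python
import re
import subprocess
from dataclasses import dataclass
from typing import Optional

# Matches the status line in the format quoted in the thread, e.g.
#   Status: Disabled for 0 days 00:00:09          Debug: Urgent
_STATUS_RE = re.compile(
    r"^Status:\s+(?P<state>Enabled|Disabled)"
    r"(?:\s+for\s+(?P<days>\d+)\s+days\s+(?P<h>\d+):(?P<m>\d+):(?P<s>\d+))?"
    r"(?:\s+Debug:\s+(?P<debug>\S+))?\s*$",
    re.MULTILINE,
)

@dataclass(frozen=True)
class PfStatus:
    enabled: bool
    seconds_in_state: Optional[int]  # None if no duration was printed
    debug: Optional[str]             # None if no debug level was printed

def parse_pf_info(text: str) -> PfStatus:
    """Parse `pfctl -s info` output; raise instead of guessing a state."""
    m = _STATUS_RE.search(text)
    if m is None:
        # The output is not a stable interface. Fail loudly so the caller
        # never treats an unparsed result as "disabled" or "enabled".
        raise ValueError("no recognisable Status line in pfctl output")
    secs = None
    if m["days"] is not None:
        secs = ((int(m["days"]) * 24 + int(m["h"])) * 60
                + int(m["m"])) * 60 + int(m["s"])
    return PfStatus(m["state"] == "Enabled", secs, m["debug"])

def query_pf(pfctl: str = "/sbin/pfctl") -> PfStatus:
    """Run the read-only query. Path is an assumption; needs access to /dev/pf."""
    # Argument list, no shell: nothing in the command is built from user input.
    out = subprocess.run([pfctl, "-s", "info"], check=True,
                         capture_output=True, text=True).stdout
    return parse_pf_info(out)

# Constructed sample in the format shown in the thread.
SAMPLE = (
    "INFO:\n"
    "Status: Disabled for 0 days 00:00:09          Debug: Urgent\n"
)

if __name__ == "__main__":
    print(parse_pf_info(SAMPLE))
```
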



## brant (Jun 2, 2014)

Thanks to both of you. I appreciate the help.

I think this will solve it for me.


----------

