as debian switched to systemd as default init system my firewall scripts did not function anymore and as I am a lazy guy I also switched from a script based system to netfilter-persistent. These scripts take over the task of saving and initiating the firewall system based on the current active settings. So I may still use the scripts already created while using systemd as init process.
netfilter-persistent savenetfilter-persistent startto check for all open ports on a server netstat is the tool of choice and here are some common options:
netstat -na show all open ports without dns resolving for speed
netstat -tlnup show all open ports and the associated programm using this port
To view the log file:
# tcpdump -n -e -ttt -r /var/log/pflog
Note that using tcpdump(8) to watch the pflog file does not give a real-time display. A real-time display of logged packets is achieved by using the pflog0 interface:
# tcpdump -n -e -ttt -i pflog0
# pfctl -f /etc/pf.conf Load the pf.conf file
# pfctl -nf /etc/pf.conf Parse the file, but don't load it
# pfctl -Nf /etc/pf.conf Load only the NAT rules from the file
# pfctl -Rf /etc/pf.conf Load only the filter rules from the file
# pfctl -sn Show the current NAT rules
# pfctl -sr Show the current filter rules
# pfctl -ss Show the current state table
# pfctl -si Show filter stats and counters
# pfctl -sa Show EVERYTHING it can show