What is pfctl?
If you work with networking or security on your Mac, you may have come across pfctl. It controls the built-in packet filter firewall.
What is pfctl?
pfctl stands for "Packet Filter control". It manages PF (Packet Filter), the firewall built into macOS. PF came from OpenBSD and works at the network level, filtering traffic based on addresses, ports, and protocols.
This is separate from the macOS application firewall in System Settings. PF works at a lower level and can filter traffic with finer control.
Is it running on my Mac?
PF is loaded by default on macOS, but its rules are minimal unless you or an app has set them up. You can check its status:
sudo pfctl -s info
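To go one step beyond the status check, the sketch below is an added example, not part of the original post. It turns the output of `pfctl -s info` and `pfctl -s rules` into a one-line verdict on whether PF is enabled and whether the main ruleset holds anything besides anchor references. The function names are hypothetical, the sample output is constructed, and treating any rule whose first word ends in "anchor" as a reference is an assumption of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): classify PF state from pfctl output.

# pf_status: read `pfctl -s info` output on stdin; print enabled, disabled or unknown.
pf_status() {
    awk '$1 == "Status:" { print tolower($2); found = 1; exit }
         END { if (!found) print "unknown" }'
}

# pf_direct_rules: read `pfctl -s rules` output on stdin and print the rules that
# are not anchor references (anchor, scrub-anchor, ...). Assumption of this sketch:
# a first word ending in "anchor" marks a reference into an anchor.
# Rules loaded inside an anchor are not listed in the main ruleset; view those
# with `pfctl -a <anchor> -s rules`.
pf_direct_rules() {
    awk 'NF && $1 !~ /anchor$/'
}

# pf_summary INFO RULES: combine both outputs into one verdict line.
pf_summary() {
    status=$(printf '%s\n' "$1" | pf_status)
    count=$(printf '%s\n' "$2" | pf_direct_rules | wc -l | tr -d ' ')
    if [ "$status" != "enabled" ]; then
        echo "$status"
    elif [ "$count" -eq 0 ]; then
        echo "enabled, anchors only"
    else
        echo "enabled, $count direct rule(s)"
    fi
}

# Constructed sample output, so the functions can be tried without root.
SAMPLE_INFO='Status: Enabled for 0 days 00:12:41           Debug: Urgent'
SAMPLE_RULES='scrub-anchor "com.apple/*" all fragment reassemble
anchor "com.apple/*" all
block drop in quick on en0 inet from 192.0.2.0/24 to any'

# On a Mac, feed it live data instead:
#   pf_summary "$(sudo pfctl -s info 2>/dev/null)" "$(sudo pfctl -s rules 2>/dev/null)"
pf_summary "$SAMPLE_INFO" "$SAMPLE_RULES"
```

A result of "enabled, anchors only" means the main ruleset only delegates to anchors; any other direct rule was added by you or by an app.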
What uses it?
Several things may set PF rules:
- The built-in Internet Sharing feature in macOS
- VPN apps
- Third-party firewalls like Little Snitch or LuLu (some use PF under the hood)
- Developers running local network setups
How is it different from the macOS firewall?
The macOS firewall in System Settings controls which apps can accept incoming connections. PF filters individual packets based on rules you define. PF is more powerful but needs command-line work to set up.
Should you worry?
No. pfctl is a standard Unix tool included with macOS. It is not a process that runs all the time. It is a command you use to manage the PF firewall. If you have not set up PF rules yourself, the default setup is very light.