diff --git a/commands.md b/commands.md
index 73631f7..cf8320e 100644
--- a/commands.md
+++ b/commands.md
@@ -96,6 +96,13 @@ netstat -an                             # display all connections
 /etc/rc.d/routing restart                 without rebooting. Execute in tmux or screen session
 ```
 
+# Firewall
+
+```
+pfctl -si                               # show current state table and counters (useful for tuning)
+pfctl -s state                          # show current content of state table
+```
+
 # IPsec
 
 ```