PF


pf is OpenBSD's stateful packet filter, written by Daniel Hartmeier. It replaced Darren Reed's IPFilter in OpenBSD because of problems with IPFilter's license. pf has evolved quickly and now has several advantages over other packet filters. Its filtering syntax is similar to that of ipf, though it has been modified to make it cleaner. Network Address Translation (NAT) and Quality of Service (QoS) have been tightly integrated into pf to allow greater flexibility. QoS is achieved by merging ALTQ into pf itself.

pf has also been ported to NetBSD-current by itojun and is installed by default in FreeBSD starting at version 5.3.

Commands and options

  • pfctl -e -> enables pf
  • pfctl -d -> disables pf
  • pfctl -f <file> -> loads the new rules from the target file into pf, provided no syntax errors are found in it

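Example pf.conf file

# Macros
ext_if="xl1"                    # external interface
int_if="xl0"                    # internal interface
int_network="192.168.0.0/24"    # internal network
ext_network="XXX.XXX.XXX.0"     # external network (placeholder)
ext_ip="XXX.XXX.XXX.XXX"        # external address (placeholder)
loop_back="lo0"                 # loopback interface

# NAT: translate traffic from the internal network leaving
# through the external interface to the external address
nat on $ext_if from $int_network to any -> $ext_ip

# PF rules
# Block all incoming packets by default
block in all
# Allow all outgoing traffic and keep state for it
pass out all keep state
# Allow traffic from the internal network arriving on the internal interface
pass in quick on $int_if from $int_network to any keep state
# Allow all traffic on the loopback interface
pass quick on $loop_back all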

See also

  • OpenBSD
  • NetBSD
  • packet
  • TCP/IP
  • NAT

External links

  • pf FAQ
  • Hatchet
  • pftabled
  • slbd - load balancing
  • SOFI-firewall - Simple OpenBSD Firewall Interface
  • Remote Packet Filter Control Daemon




This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License.