Firewalling with OpenBSD's PF packet filter

Peter N. M. Hansteen

Datadokumentasjon A/S

Table of Contents
Before we start
PF?
Packet filter? Firewall?
NAT?
PF today
BSD vs Linux - Configuration
Simplest possible setup (OpenBSD)
Simplest possible setup (FreeBSD)
Simplest possible setup (NetBSD)
First rule set - single machine
Slightly stricter
Statistics from pfctl
Simple gateway with NAT
Gateways and the pitfalls of in, out and on
Setting up
That sad old FTP thing
FTP through NAT: ftp-proxy
FTP through pf with routable addresses: ftpsesame and pftpx
Troubleshooting help - ping and traceroute
Hygiene: block-policy, scrub and antispoof
A web server and a mail server on the inside
Tables make your life easier
Logging
Keeping an eye on things with pftop
Invisible gateway - bridge
Directing traffic with altq
ALTQ - allocation by percentage
ALTQ - prioritizing by traffic type
ALTQ - handling unwanted traffic
CARP and pfsync
Wireless networks made simple
An open, yet tightly guarded wireless network with authpf
Turning away the brutes
Giving spammers a hard time
PF - Haiku
References
Where to find the tutorial on the web