Chapter 17: Basic Packet Filtering

Previous page
Table of content
Next page

Overview

The name's Pond, James Pond.
Alpha PPK loaded, licensed to filter.

Packet filtering and manipulation are among the most basic tools in network security. OpenBSD includes a very powerful in-kernel packet filter, pf(4), that not only performs standard stateless and stateful packet filtering, but can also inspect and reassemble packet fragments in several ways, redirect connections, translate addresses in several different directions simultaneously, authenticate users, and manage bandwidth.

PF is one of the high points of OpenBSD, and we're going to spend a few chapters discussing it. PF allows you to do some things that commercial firewall vendors still cannot manage reliably.

PF is still undergoing very active development, and new features are added almost weekly. We are only going to discuss those features that are mature and stable. By the time you read this, PF will have features that aren't covered here. Be sure to read the pf.conf(5) man page for details on the nifty features available in your version of OpenBSD.



Previous page
Table of content
Next page
Absolute Openbsd(c) Unix for the Practical Paranoid
Absolute OpenBSD: Unix for the Practical Paranoid
ISBN: 1886411999
EAN: 2147483647
Year: 2005
Pages: 298
Authors: Michael W. Lucas
BUY ON AMAZON
Inside Network Security Assessment: Guarding Your IT Infrastructure
C++ GUI Programming with Qt 3
Cisco Voice Gateways and Gatekeepers
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
Web Systems Design and Online Consumer Behavior
Java Concurrency in Practice
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy