BSDCan 2015
The Technical BSD Conference

Speakers: Peter Hansteen

Schedule
Day: Tutorials #1 - 10 June - 2015-06-10
Room: DMS 1120
Start time: 13:00
Duration: 03:00

Info
ID: 533
Event type: Lecture
Track: Tutorial
Language used for presentation: English

PF, The OpenBSD Packet Filter: Building The Network You Need

This session is aimed at experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and related tools. A basic knowledge of Unix and TCP/IP network configuration is expected and required.

The session will provide updates on the new PF syntax and features introduced in OpenBSD 4.7 (with samples presented in the old and new syntax where appropriate), along with newer updates and previews of relevant new features, such as the new traffic shaping subsystem introduced in OpenBSD 5.6 and any other PF-related improvements in the upcoming OpenBSD 5.7 release (planned release date May 1st, 2015).

Topics potentially covered include:

  • Configuration on OpenBSD, FreeBSD and NetBSD
  • PF ruleset basics and rule interactions: block, pass, match
  • Writing maintainable rulesets
  • Address families: IPv4 NAT vs IPv6
  • Redirection, divert and services with odd dependencies (ftp-proxy, spamd)
  • Adaptive rulesets (state tracking tricks)
  • Traffic shaping with priorities and 'newqueue', OpenBSD 5.5 style
  • Legacy ALTQ traffic shaping
  • Per-user filtering with authpf
  • High availability with CARP, relayd
  • Wireless vs wired networks
  • Filtering bridges
  • Logging and monitoring - pflog, pflow and others
  • Testing, debugging, and optimizing your configuration

The available material (notes and slides accumulated over the years) covers significantly more than the schedule allows for. To help make the session more targeted to your needs, I would appreciate it if, when you sign up for the session or soon after, you send me an email at tutorial@bsdly.net with a description of what you would like to learn in this session and, to the extent you are allowed and feel it is appropriate, what your near or longer term future project is.

Slides matching the latest version of the tutorial can be found at http://home.nuug.no/~peter/pf/newest/; updated slides will be made available to the general public after the present session has concluded.

Logistics allowing, copies of the third edition of Hansteen's The Book of PF (http://www.nostarch.com/pf3) will be available to purchase at the session.