HOME

TheInfoList



Click Here for Items Related To - PF (firewall)
OR:
PF (firewall) on:   [Wikipedia]   [Google]   [Amazon]

PF (Packet Filter, also written pf) is a
BSD license BSD licenses are a family of permissive free software licenses, imposing minimal restrictions on the use and distribution of covered software. This is in contrast to copyleft licenses, which have share-alike requirements. The original BSD lice ...
d
stateful In information technology and computer science, a system is described as stateful if it is designed to remember preceding events or user interactions; the remembered information is called the state of the system. The set of states a system can o ...
packet filter, a central piece of software for firewalling. It is comparable to
netfilter Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for packet filtering, network addr ...
(
iptables iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which ...
), ipfw, and ipfilter. PF was developed for
OpenBSD OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project e ...
, but has been ported to many other
operating systems An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
.


History

PF was originally designed as replacement for Darren Reed's IPFilter, from which it derives much of its rule syntax. IPFilter was removed from OpenBSD's CVS tree on 30 May 2001 due to OpenBSD developers' concerns with its license. The initial version of PF was written by Daniel Hartmeier. It appeared in OpenBSD 3.0, which was released on 1 December 2001. It was later extensively redesigned by Henning Brauer and Ryan McBride with most of the code written by Henning Brauer. Henning Brauer is currently the main developer of PF.


Features

The filtering syntax is similar to IPFilter, with some modifications to make it clearer. Network address translation (NAT) and
quality of service Quality of service (QoS) is the description or measurement of the overall performance of a service, such as a telephony or computer network, or a cloud computing service, particularly the performance seen by the users of the network. To quantitat ...
(QoS) have been integrated into PF. Features such as pfsync and
CARP Carp are various species of oily freshwater fish from the family Cyprinidae, a very large group of fish native to Europe and Asia. While carp is consumed in many parts of the world, they are generally considered an invasive species in parts of ...
for
failover Failover is switching to a redundant or standby computer server, system, hardware component or network upon the failure or abnormal termination of the previously active application, server, system, hardware component, or network in a computer net ...
and redundancy, authpf for session authentication, and ftp-proxy to ease firewalling the difficult FTP protocol, have also extended PF. Also PF supports SMP (
Symmetric multiprocessing Symmetric multiprocessing or shared-memory multiprocessing (SMP) involves a multiprocessor computer hardware and software architecture where two or more identical processors are connected to a single, shared main memory, have full access to all ...
) & STO ( Stateful Tracking Options). One of the many innovative features is PF's logging. PF's logging is configurable per rule within the pf.conf and logs are provided from PF by a pseudo-network interface called ''pflog'', which is the only way to lift data from kernel-level mode for user-level programs. Logs may be monitored using standard utilities such as tcpdump, which in
OpenBSD OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project e ...
has been extended especially for the purpose, or saved to disk in the tcpdump/ pcap binary format using the ''pflogd'' daemon.


Ports

Apart from running on its home platform
OpenBSD OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project e ...
, PF has been ported to many other operating systems, however there are major differences in capabilities. Some ports date back many years. OpenBSD always has the latest version with the most features. PF is currently used in: *
FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...
starting with version 5.3 * Apple
macOS macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and la ...
starting with ''Snow Leopard'' (Mac OS X 10.6) * Apple iOS and
iPadOS iPadOS is a mobile operating system developed by Apple Inc. for its iPad line of tablet computers. It is a rebranded variant of iOS, the operating system used by Apple's iPhones, renamed to reflect the diverging features of the two product ...
, used by all iPhones and iPads *
NetBSD NetBSD is a free and open-source Unix operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is ava ...
from version 3.0 *
DragonFly BSD DragonFly BSD is a free and open-source Unix-like operating system forked from FreeBSD 4.8. Matthew Dillon, an Amiga developer in the late 1980s and early 1990s and FreeBSD developer between 1994 and 2003, began working on DragonFly BSD ...
from version 1.1 *
Debian GNU/kFreeBSD Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of Deb ...
* Oracle Solaris * QNX and thereby in many BlackBerry smartphones models


See also

*
Internet protocol suite The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the sui ...
*
Reverse-path forwarding Reverse-path forwarding (RPF) is a technique used in modern routers for the purposes of ensuring loop-free forwarding of multicast packets in multicast routing and to help prevent IP address spoofing in unicast routing. In standard unicast IP r ...


References


Books

* * *


External links

* *
The OpenBSD PF guide

Firewalling with PF
PF tutorial by Peter N. M. Hansteen
OpenBSD/pf Firewalling For the Less Gifted
{{DEFAULTSORT:Pf (Firewall) BSD software OpenBSD MacOS Firewall software Software using the BSD license