Chapter 22. Advanced PF

Office net seems slow thanks to bootleg film swapping. Let’s stop that right quick!

The previous chapter covered the basics of the OpenBSD packet filter pf(4). But, as I mentioned, PF can manipulate packets in all kinds of ways beyond just permitting or denying them, including the following:

  • You can use outside software, such as dhcpd(8) or spamd(8), to dynamically change the list of addresses to pass or block.

  • You can dynamically create sub-rulesets that let you set up very specific rules for troublesome protocols without allowing more access than necessary.

  • PF can provide NAT, letting you offer an entire network Internet access ...
