BSDCan2014 - Final

BSDCan 2014
The Technical BSD Conference

Speakers: Peter Hansteen

Schedule
Day: Tutorials - Day 1 - Wed May 14 - 2014-05-14
Room: Montpetit 201
Start time: 13:00
Duration: 03:00

Info
ID: 453
Event type: Workshop
Track: Tutorial
Language used for presentation: English

Building The Network You Need With PF, The OpenBSD Packet Filter

Sane networking, matching your needs

This session is aimed at experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and related tools. A basic knowledge of Unix and TCP/IP network configuration is expected and required.

The session will provide updates on the new PF syntax and features introduced in OpenBSD 4.7 (with samples presented in the old and new syntax where appropriate), with newer updates and previews of relevant new features such as the new traffic shaping system in the upcoming OpenBSD 5.5 release (planned release date May 1st).

Topics potentially covered include:

  • Configuration on OpenBSD, FreeBSD and NetBSD
  • PF ruleset basics and rule interactions: block, pass, match
  • Writing maintainable rulesets
  • Address families: IPv4 NAT vs IPv6
  • Redirection, divert and services with odd dependencies (ftp-proxy, spamd)
  • Adaptive rulesets (state tracking tricks)
  • Traffic shaping with priorities and 'newqueue', OpenBSD 5.5 style
  • Legacy ALTQ traffic shaping
  • Per user filtering with authpf
  • High availability with CARP, relayd
  • Wireless vs wired networks
  • Filtering bridges
  • Logging and monitoring - pflog, pflow and others
  • Testing, debugging, and optimizing your configuration

The available material (notes and slides) covers significantly more than the schedule allows for. To help make the session more targeted to your needs, I would appreciate it if you, when you sign up for the session or soon after, send me an email at tutorial@bsdly.net with a description of what you would like to learn in this session, and to the extent you are allowed and feel it is appropriate, what your near or longer term future OpenBSD project is.

Slides matching the latest version of the tutorial can be found at http://home.nuug.no/~peter/pf/newest/; updated slides will be made available to the general public after the present session has concluded.

Timing and logistics allowing, copies of the third edition of Hansteen's The Book of PF will be available to purchase at the session. (Also see The Book of PF, 2nd edition, http://nostarch.com/pf2.htm, No Starch Press November 2010.)