BSDCan2016 - v1.1.24a
BSDCan 2016
The Technical BSD Conference
| Speakers | |
|---|---|
|
Peter Hansteen |
| Schedule | |
|---|---|
| Day | Tutorials #1 - 8 June - 2016-06-08 |
| Room | DMS 1120 |
| Start time | 13:00 |
| Duration | 03:00 |
| Info | |
| ID | 677 |
| Event type | Workshop |
| Track | Tutorial |
| Language used for presentation | English |
Building The Network You Need With PF, The OpenBSD Packet Filter
This session is aimed at experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and related tools. A basic knowledge of Unix and TCP/IP network configuration is expected and required. We expect to cover PF basics, a variety of avanced topics and recent developments.
This session is aimed at experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and related tools. A basic knowledge of Unix and TCP/IP network configuration is expected and required. The session content will be largely determined by your questions (if possible sent to tutorial@bsdly.net in advance), topics potentially covered include
- Configuration on OpenBSD, FreeBSD and NetBSD (and possibly Solaris)
- PF ruleset basics and rule interactions: block, pass, match
- Writing maintainable rulesets
- Address families: IPv4 NAT vs IPv6
- Redirection, divert and services with odd dependencies (ftp-proxy, spamd)
- Adaptive rulesets (state tracking tricks)
- Traffic shaping with priorities and 'newqueue', OpenBSD 5.5 style
- Legacy ALTQ traffic shaping
- Per user filtering with authpf
- High availability with CARP, relayd
- Wireless vs wired networks
- Filtering bridges
- Logging and monitoring - pflog, pflow and others
- Testing, debugging, and optimizing your configuration
- Updates on recent developments and what to expect in upcoming releases
Where appropriate, samples will be presented in both the legacy syntax and the new PF syntax introduced in OpenBSD 4.7, otherwise the likely focus of the session will be the world as seen from the recent OpenBSD 5.9 release (release date May 1st, 2016).
The available material (notes and slides I've accumulated over the years) covers significantly more than the schedule allows for. To help make the session more targeted to your needs, I would appreciate if you, when you sign up for the session or soon after, send me an email to tutorial@bsdly.net with description of what you would like to learn in this session, and to the extent you are allowed and feel it is appropriate, what your near or longer term future project is.
Slides matching the latest version of the tutorial can be found at http://home.nuug.no/~peter/pf/newest/; updated slides will be made available to the general public after the present session has concluded.
Timing and logistics allowing, copies of the third edition of Hansteen's The Book of PF will be available to purchase at the session. (Also see <a href="http://nostarch.com/pf3">The Book of PF, 3rd edition</a>, No Starch Press 2014).