Network Management with the OpenBSD Packet Filter Toolset

The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.

Understanding the networking toolset is essential to building and maintaining a functional envirionment. The present session will teach the principles and hands-on operation of the extensive network tools available on OpenBSD and sister operating systems. Basic to intermediate understanding of TCP/IP networking is expected and required for this session.

Topics covered include

   The basics of and network design and taking it a big further

   Building rulesets

   Keeping your configurations readable and maintainable

   Filtering, diversion, redirection, Network Address Translation

   Handling services that require proxying (ftp-proxy and others)

   Address tables and daemons that interact with your setup through them

   The whys and hows of DMZs and network segmentation

   Tackling noisy attacks and other pattern recognition tricks

   Annoying spammers with spamd

   Basics of and not-so basic traffic shaping

   Monitoring your traffic

   Troubleshooting: Discovering and correcting errors and faults

   Your network and its interactions with the Internet at large

   Common mistakes in internetworking and peering

   Keeping the old IPv4 world in touch with the new of IPv6

Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the sister BSD operating systems.

Participants should bring a laptop, the format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.

This session is an evolutionary successor to previous sessions. Slides for previous PF tutorial sessions are up at https://home.nuug.no/~peter/pftutorial/, to be updated with the present version when the session opens.