Firewalling with OpenBSDs pf and pfsync

Presenter(s): David Gwynne URL: http://2011.linux.conf.au/programme/schedule/view_talk/168 OpenBSD is a general purpose UNIX-like operating system that has developed a variety of technologies that make it usable as a network router and packet filtering firewall. These technologies include support for several standard protocols such as OSPF and BGP, a high performance stateful IP packet filter (imaginatively) called pf, shared IP address and fail-over support with CARP (Common Address Redundancy Protocol), and a protocol called pfsync for synchronisation of the firewalls state between separate machines over a network link. Combinations of these can be used to provide highly available network filtering. This talk will attempt to cover pf and pfsync in particular by giving an overview of their features and implementation within the OpenBSD network stack, and how to configure filters in pf and failover with pfsync. It will finish by giving example use cases of pf and pfsync in a variety of environments ranging from a home or small business environment up to its use in large university networks. http://2011.linux.conf.au/ - http://www.linux.org.au CC BY-SA - http://creativecommons.org/licenses/by-sa/4.0/legalcode.txt