NPF (firewall)
   HOME

TheInfoList



Click Here for Items Related To - NPF (firewall)
OR:
NPF (firewall) on:   [Wikipedia]   [Google]   [Amazon]

NPF is a
BSD license BSD licenses are a family of permissive free software licenses, imposing minimal restrictions on the use and distribution of covered software. This is in contrast to copyleft licenses, which have share-alike requirements. The original BSD lice ...
d stateful
packet filter In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted n ...
, a central piece of software for firewalling. It is comparable to
iptables iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which ...
, ipfw, ipfilter and PF. NPF is developed on
NetBSD NetBSD is a free and open-source Unix operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is ava ...
.


History

NPF was primarily written by Mindaugas Rasiukevicius. NPF first appeared in the NetBSD 6.0 release in 2012.


Features

NPF is designed for high performance on SMP systems and for easy extensibility. It supports various forms of Network Address Translation (NAT), stateful packet inspection, tree and hash tables for IP sets, bytecode ( BPF or n-code) for custom filter rules and other features. NPF has extension framework for supporting custom modules. Features such as packet logging, traffic normalization, random blocking are provided as NPF extensions.


Example of npf.conf 

# Assigning IPv4-only addresses of the specified interfaces.
$ext_if = inet4(wm0)
$int_if = inet4(wm1)

# Efficient tables to store IP sets.
table <1> type hash file "/etc/npf_blacklist"
table <2> type tree dynamic

# Variables with the service names.
$services_tcp = 
$services_udp = 
$localnet = 

# Different forms of NAT are supported.
map $ext_if dynamic 10.1.1.0/24 -> $ext_if
map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if port 9022

# NPF has various extensions which are supported via custom procedures.
procedure "log" 

#
# Grouping is mandatory in NPF.
# There must be a default group.
#

group "external" on $ext_if 

group "internal" on $int_if 

group default


References


External links

* * {{DEFAULTSORT:NPF (Firewall) BSD software NetBSD Firewall software