NPF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw, ipfilter and PF. NPF is developed on NetBSD.


History

NPF was primarily written by Mindaugas Rasiukevicius. NPF first appeared in the NetBSD 6.0 release in 2012.


Features

NPF is designed for high performance on SMP systems and for easy extensibility. It supports various forms of Network Address Translation (NAT), stateful packet inspection, tree and hash tables for IP sets, bytecode (BPF or n-code) for custom filter rules, and other features. NPF has an extension framework for supporting custom modules; features such as packet logging, traffic normalization and random blocking are provided as NPF extensions.


Example of npf.conf

# Assigning IPv4-only addresses of the specified interfaces.
$ext_if = inet4(wm0)
$int_if = inet4(wm1)

# Efficient tables to store IP sets.
table <1> type hash file "/etc/npf_blacklist"
table <2> type tree dynamic

# Variables with the service names.
$services_tcp = 
$services_udp = 
$localnet = 

# Different forms of NAT are supported.
map $ext_if dynamic 10.1.1.0/24 -> $ext_if
map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if port 9022

# NPF has various extensions which are supported via custom procedures.
procedure "log" 

#
# Grouping is mandatory in NPF.
# There must be a default group.
#

group "external" on $ext_if 

group "internal" on $int_if 

group default 
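A complete npf.conf in the same layout, added here as an illustration; it is not the page's own example and not configuration shipped by the NetBSD project. The interface names wm0 and wm1, the 10.1.1.0/24 network, the table file path, the service lists and every rule body are assumptions chosen to exercise the features the article lists (tables, NAT, the log procedure and mandatory grouping). The syntax follows the NetBSD 6/7 era npf.conf(5) grammar that the page's own fragment uses; later releases changed some keywords, notably the table type names.

```conf
# Interfaces: IPv4 addresses of the external and internal NICs (assumed names).
$ext_if = inet4(wm0)
$int_if = inet4(wm1)

# Table <1>: static block list loaded from a file, one address or prefix per line.
# Table <2>: dynamic tree table, populated at run time with npfctl(8).
table <1> type hash file "/etc/npf_blacklist"
table <2> type tree dynamic

# Service and network variables (assumed values).
$services_tcp = { http, https, smtp, domain, 6000, 9022 }
$services_udp = { domain, ntp, 6000 }
$localnet = { 10.1.1.0/24 }

# Outbound dynamic NAT (masquerading) for the internal network, and an
# inbound port forward: external port 9022 -> internal host 10.1.1.2 port 22.
map $ext_if dynamic 10.1.1.0/24 -> $ext_if
map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if port 9022

# Logging extension: matched packets are copied to the npflog0 pseudo-interface,
# where tcpdump(8) can read them.
procedure "log" {
	log: npflog0
}

group "external" on $ext_if {
	# Outbound traffic creates state so that replies are allowed back in.
	pass stateful out final all

	# Drop block-listed sources before any pass rule is considered.
	block in final from <1>

	# Inbound SSH is allowed but logged through the procedure above.
	pass stateful in final proto tcp to $ext_if port ssh apply "log"
	pass stateful in final proto tcp to $ext_if port $services_tcp
	pass stateful in final proto udp to $ext_if port $services_udp
}

group "internal" on $int_if {
	block in all
	# Hosts in the dynamic table and the LAN may send traffic through the firewall.
	pass in final from <2>
	pass in final from $localnet
	pass out final all
}

# The default group catches everything no interface group matched:
# loopback is passed, everything else is dropped.
group default {
	pass final on lo0 all
	block all
}
```

Two points of the grammar matter for reading this: `final` stops rule evaluation at the first match, whereas without it the last matching rule in a group wins, so the `block all` in the default group only applies to packets no earlier `final` rule claimed; and `stateful` is what lets the reply half of a connection through without a matching inbound rule. The file is loaded with `npfctl reload` and the filter enabled with `npfctl start`.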

