Kristof Provost - A packet's journey through pf

Abstract

A walkthrough of a packet’s journey through (FreeBSD’s) pf, concentrating on the big picture and its implications.

We’ll cover when packets are inspected, when rules are evaluated and how states are used. Along the way we’ll cover what DTrace probes can show us, what some of pfctl’s counters mean and just how many times pf can look at a single packet.

This talk is intended for firewall admins looking for a deeper understanding and aspiring pf developers. It is not a “How to use pf” talk.

Biography

Kristof is a freelance embedded software engineer specialising in network and video applications. He’s a FreeBSD committer and maintainer of the pf firewall in FreeBSD.

Kristof has an unfortunate tendency to stumble into uClibc bugs, and a burning hatred for FTP. Do not talk to him about IPv6 fragmentation.

Spreker

Foto van Kristof Provost
Kristof Provost

Tags