Packet Filter (pf) Tutorial/Training Course 2011

Building the network you need with PF, the OpenBSD packet filter

22nd September 2011 - Imperial Hotel, Russell Square, London WC1B 5BB

Description: This one day session is aimed at experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and related tools. A basic knowledge of Unix and TCP/IP network configuration is expected and required. Topics covered include

• Configuration on OpenBSD, FreeBSD and NetBSD
• PF ruleset basics and rule interactions: block, pass, match
• Writing maintainable rulesets
• Address families: IPv4 NAT vs IPv6
• Redirections and services with odd dependencies (ftp-proxy, spamd)
• Adaptive rulesets (state tracking tricks)
• ALTQ traffic shaping
• Per user filtering with authpf
• High availability with CARP, relayd
• Wireless vs wired networks
• Filtering bridges
• Logging and monitoring - pflog, pflow and others
• Testing, debugging, and optimizing your configuration

The session will provide updates on the new PF syntax and features introduced in OpenBSD 4.7 (with samples presented in the old and new syntax where appropriate), with newer updates and reviews of relevant new features in the upcoming OpenBSD 5.0 release.

The tutorial is loosely based on Hansteen's book, The Book of PF (No Starch Press, second edition November 2010).

Tutor: Peter N. M. Hansteen is a consultant, writer and sysadmin from Bergen, Norway. A long time freenix advocate and during recent years a frequent lecturer and tutor with emphasis on OpenBSD and FreeBSD, author of several articles and The Book of PF (No Starch Press 2007, 2nd edition November 2010). He writes a frequently slashdotted blog at http://bsdly.blogspot.com/

Visit the UKUUG web site at: www.ukuug.org/events/pftutorial2011/ for delegate costs and on-line booking

Places are limited – early booking is essential