Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
PF (firewall)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|Packet filter software}} {{Infobox Software |name = PF |logo = |caption = |screenshot = |author = [[Daniel Hartmeier]] |developer = The [[OpenBSD]] Project |programming language = C |latest release version = |latest release date = // |released = {{Start date and age|2001|12|01|df=yes}} |operating system = [[OpenBSD]] |genre = [[Packet filtering]] |license = [[BSD license]] |website = {{URL|https://www.openbsd.org/faq/pf/index.html}} }} '''PF''' ('''Packet Filter''', also written '''pf''') is a [[BSD license]]d [[Stateful firewall|stateful]] [[packet filter]], a central piece of software for [[Firewall (computing)|firewalling]]. It is comparable to [[netfilter]] ([[iptables]]), [[Ipfirewall|ipfw]], and [[ipfilter]]. PF was developed for [[OpenBSD]], but has been [[#Ports|ported]] to many other [[operating systems]]. == History == PF was originally designed as replacement for Darren Reed's [[IPFilter]], from which it derives much of its rule syntax. IPFilter was removed from OpenBSD's [[Concurrent Versions System|CVS]] tree on 30 May 2001 due to OpenBSD developers' concerns with its license.<ref>{{cite web | url=https://marc.info/?l=openbsd-cvs&m=99118918928072 | title=CVS: cvs.openbsd.org: src; Remove ipf. | date=2001-05-30 | first=Theo | last=de Raadt | access-date=2018-08-20}}</ref> The initial version of PF was written by Daniel Hartmeier.<ref>{{cite web | url=https://www.benzedrine.ch/pf.html | title=A new stateful packet filter for OpenBSD | date=2017-09-26 | first=Daniel | last=Hartmeier | access-date=2018-08-20}}</ref> It appeared in OpenBSD 3.0, which was released on 1 December 2001.<ref>{{cite web | url=https://www.openbsd.org/30.html | title=OpenBSD 3.0 | date=2001-12-01 | access-date=2018-08-20}}</ref> It was later extensively redesigned by Henning Brauer and Ryan McBride<ref>{{cite web | url=http://henningbrauer.com/ | title=Henning Brauer Consulting: pf | first=Henning | last=Brauer | access-date=2018-08-20}}</ref> with most of the code written by Henning Brauer. Henning Brauer is currently the main developer of PF. == Features == The filtering syntax is similar to IPFilter, with some modifications to make it clearer. [[Network address translation]] (NAT) and [[quality of service]] (QoS) have been integrated into PF. Features such as [[pfsync]] and [[Common Address Redundancy Protocol|CARP]] for [[failover]] and redundancy, authpf for session authentication, and ftp-proxy to ease firewalling the difficult [[File Transfer Protocol|FTP]] protocol, have also extended PF. Also PF supports SMP ([[Symmetric multiprocessing]]) & STO ([[Stateful Tracking Options]]). One of the many innovative features is PF's logging. PF's logging is configurable per rule within the pf.conf and logs are provided from PF by a pseudo-network interface called ''pflog'', which is the only way to lift data from kernel-level mode for user-level programs. Logs may be monitored using standard utilities such as [[tcpdump]], which in [[OpenBSD]] has been extended especially for the purpose, or saved to disk in the [[tcpdump]]/[[pcap]] binary format using the ''pflogd'' daemon. == Ports == Apart from running on its home platform [[OpenBSD]], PF has been ported to many other operating systems, however there are major differences in capabilities. Some ports date back many years. OpenBSD always has the latest version with the most features. PF is currently used in: * [[FreeBSD]] starting with version 5.3<ref>{{cite web | url=https://www.freebsd.org/releases/5.3R/relnotes-amd64.html#CONTRIB | title=FreeBSD/amd64 5.3-RELEASE Release Notes | date=2004-11-03 | access-date=2018-08-20}}</ref> * Apple [[macOS]] starting with ''Snow Leopard'' (Mac OS X 10.6)<ref>{{cite web | url=https://opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/net/pf.c.auto.html | title=xnu/xnu-1456.1.26/bsd/net/pf.c.auto.html | publisher=[[Apple, Inc]] | date=2008-12-05 | access-date=2018-08-20}}</ref> * Apple [[iOS]] and [[iPadOS]], used by all iPhones and iPads * [[NetBSD]] from version 3.0<ref>{{cite web | url=https://netbsd.org/changes/2005.html#netbsd-3 | title=Changes and NetBSD News in 2005: 23 Dec 2005 - NetBSD 3.0 released | access-date=2018-08-20}}</ref> * [[DragonFly BSD]] from version 1.1<ref>{{cite web | url=https://leaf.dragonflybsd.org/cgi/web-man?command=pf§ion=4 | title=pf(4) manual page | work=DragonFly Kernel Interfaces Manual | date=2011-01-02 | access-date=2018-08-20}}</ref> * [[Debian GNU/kFreeBSD]] * [[Solaris (operating system)|Oracle Solaris]]<ref>{{cite web | url=https://docs.oracle.com/cd/E53394_01/html/E54829/pfovw-intr.html#scrolltoc | title=Introduction to Packet Filter | work=Securing the Network in Oracle® Solaris 11.3 | date=March 2018 | publisher=[[Oracle Corporation]] | access-date=2018-08-20}}</ref> * [[QNX]] and thereby in many BlackBerry smartphones models == See also == {{Portal|Free and open-source software}} * [[Internet protocol suite]] * [[Reverse-path forwarding]] == References == {{Reflist}} == Books == * {{cite book | title=Book of PF: A No-Nonsense Guide to the OpenBSD Firewall | first=Peter N.M. | last=Hansteen | date=October 2014 | edition=3 | pages=248 | publisher=[[No Starch Press]] | url=https://nostarch.com/pf3 | isbn=978-1-59327-589-1}} * {{cite book | title=The OpenBSD PF Packet Filter Book: PF for NetBSD, FreeBSD, DragonFly, and OpenBSD | editor=Jeremy C. Reed | date=August 2006 | publisher=Reed Media Services | url=http://www.reedmedia.net/books/pf-book/ | isbn=978-0-9790342-0-6}} * {{cite book | title=Building Firewalls with OpenBSD and pf | first=Jacek | last=Artymiak | publisher=Selbstverlag | year=2003 | url=https://books.google.com/books?id=MWg3kjhKPsUC | isbn=978-8391665114}} ==External links== {{Wikibooks| Guide to Unix|BSD/OpenBSD/As a Firewall|OpenBSD PF}} * {{man|4|pf|OpenBSD}} * {{man|8|pfctl|OpenBSD}} * [https://www.openbsd.org/faq/pf/ The OpenBSD PF guide] * [https://home.nuug.no/~peter/pf/ Firewalling with PF]: PF tutorial by Peter N. M. Hansteen * [http://www.troubleshooters.com/linux/pf/ OpenBSD/pf Firewalling For the Less Gifted] {{OpenBSD}} {{FreeBSD}} {{Firewall software}} {{DEFAULTSORT:Pf (Firewall)}} [[Category:BSD software]] [[Category:OpenBSD]] [[Category:MacOS]] [[Category:Firewall software]] [[Category:Software using the BSD license]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Cite book
(
edit
)
Template:Cite web
(
edit
)
Template:Firewall software
(
edit
)
Template:FreeBSD
(
edit
)
Template:Infobox Software
(
edit
)
Template:Man
(
edit
)
Template:OpenBSD
(
edit
)
Template:Portal
(
edit
)
Template:Reflist
(
edit
)
Template:Short description
(
edit
)
Template:Sister project
(
edit
)
Template:Wikibooks
(
edit
)