Filtering Rules
Filtering rules are the heart of PF. You can use PF without doing any of the fancy redirection, address translation, load balancing, or redundancy, but packet filtering is the bedrock on which most of these features are based. To start with, however, basic packet filtering is defined as access control for network packets by source, destination, protocol, and protocol characteristics.
PF processes filtering rules in order. The last rule that matches a packet is acted on. A typical packet-filtering rule looks like this:
1pass 2in 3on egress 4proto tcp 5from any 6to 192.0.2.12 7port 80
The first word of the filter rule is a keyword that describes the results of this rule 1. PF will either pass or block packets that match a rule. ...
Get Absolute OpenBSD, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
