OpenBSD Journal

Just Another Packet Filter Tutorial

Contributed by jose on from the readme dept.

Peter Matulis writes: "Hi, I am looking for reader comments on this Packet Filter tutorial. I spent quite a lot of time on it so I am eager to see what other people think of it. I am also looking for corrections.

You can find it here:

It is also available as a PDF file (183 kB) here:



  1. By Sean () on

    One thing you may want to toss in is either a discussion of tables, or to at least switch the RFC1918 addresses to a table.

    Look at the FAQ.

    1. By Peter Matulis () on

      Yeah, I am going to put tables and other juicy topics in a second (advanced) tutorial. I found what I have now is long enough. I might consider dropping the accumulated pf.conf file. It takes up space.

      1. By Kass () on

        Great tutorial.. just the thing I am looking for.

        Many Thanks Peter

  2. By Dan () on

    1. By Anonymous Coward () on

      I highly doubt pfctl can handle separate files for translation and filtering. /etc/nat.conf has been gone since 3.0 or earlier, I think.

      1. By Peter Matulis () on

        Argh. This tutorial is actually quite an old one that I recently overhauled. Some old stuff got left in. Thanks. Updating now.

  3. By Peter Dembinski () on

    Maybe this is off-topic, but I wonder why so many people use user-mode ppp instead of pppd?

    1. By Aaron () on

      Do you have any pointers to decent 3.4 how-tos for pppd? The FAQ seems to get cut short when it comes to pppd, saying:

      Point-to-Protocol is generally what is used to create a connection to your ISP via your modem. OpenBSD has 2 ways of doing this.

      * pppd(8) - Which is the kernel ppp daemon.
      * ppp(8) - Which is the userland ppp daemon.

      The first one we will cover will be the userland PPP daemon...

      Yet _NEVER_ returning to pppd as far as I can see.
      I know there was discussion a few years back on Theo wanting to remove pppd completely, but it still seems to be around.

      If you have information on how to set kernel-mode ppp up, providing it to others might switch things around. The only reason I've used userland ppp is because of the many how-tos on it...

