Just Another Packet Filter Tutorial

Contributed by jose on from the readme dept.

Peter Matulis writes: "Hi, I am looking for reader comments on this Packet Filter tutorial. I spent quite a lot of time on it so I am eager to see what other people think of it. I am also looking for corrections.

You can find it here:

It is also available as a PDF file (183 kB) here:


  1. By Sean () on

    One thing you may want to toss in is either a discussion of tables, or to at least switch the RFC1918 addresses to a table.

    Look at the FAQ.

    1. By Peter Matulis () on

      Yeah, I am going to put tables and other juicy topics in a second (advanced) tutorial. I found what I have now is long enough. I might consider dropping the accumulated pf.conf file. It takes up space.

      1. By Kass () on

        Great tutorial... just the thing I am looking for.

        Many Thanks Peter

  2. By Dan () on

    1. By Anonymous Coward () on

      I highly doubt pfctl can handle separate files for translation and filtering. /etc/nat.conf has been gone since 3.0 or earlier, I think.

      1. By Peter Matulis () on

        Argh. This tutorial is actually quite an old one that I recently overhauled. Some old stuff got left in. Thanks. Updating now.

  3. By Peter Dembinski () on

    Maybe this is off-topic, but I wonder why so many people use user-mode ppp instead of pppd?

    1. By Aaron () on

      Do you have any pointers to decent 3.4 how-tos for pppd? The FAQ seems to get cut short when it comes to pppd, saying:

      Point-to-Point Protocol is generally what is used to create a connection to your ISP via your modem. OpenBSD has 2 ways of doing this.

      * pppd(8) - Which is the kernel ppp daemon.
      * ppp(8) - Which is the userland ppp daemon.

      The first one we will cover will be the userland PPP daemon...

      Yet _NEVER_ returning to pppd as far as I can see.
      I know there was discussion a few years back on Theo wanting to remove pppd completely, but it still seems to be around.

      If you have information on how to set kernel-mode ppp up, providing it to others might switch things around. The only reason I've used userland ppp is because of the many how-tos on it...


