EuroBSDcon 2024

The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.

Understanding the networking toolset is essential to building and maintaining a functional envirionment. The present session will both teach principles and provide opportunity for hands-on operation of the extensive network tools available on OpenBSD and sister operating systems in a lab environment. Basic to intermediate understanding of TCP/IP networking is expected and required for this session.

Topics covered include

• The basics of and network design and taking it a bit further

• Building rulesets

• Keeping your configurations readable and maintainable

• Filtering, diversion, redirection, Network Address Translation

• Handling services that require proxying (ftp-proxy and others)

• Address tables and daemons that interact with your setup through them

• The whys and hows of network segmentation, DMZs and other separation techniques

• Tackling noisy attacks and other pattern recognition and learning tricks

• Annoying spammers with spamd

• Basics of and not-so basic traffic shaping

• Monitoring your traffic

• Resilience, High Availability with CARP and pfsync

• Troubleshooting: Discovering and correcting errors and faults

• Your network and its interactions with the Internet at large

• Common mistakes in internetworking and peering

• Keeping the old IPv4 world in touch with the new of IPv6

Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the sister BSD operating systems.

Participants should bring a laptop for the hands on labs part and for note taking. The format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.

This session is an evolutionary successor to previous sessions. Slides for the most recent version of the PF tutorial session are up at https://nxdomain.no/~peter/pf_fullday.pdf, to be updated with the present version when the session opens.

Speakers:

Peter N. M. Hansteen, Senior Technical Specialist at Tietoevry. Author of The Book of PF (https://nostach.com/pf3), occasional blogger (https://bsdly.blogspot.com) and lecturer on IT security with a strong preference for OpenBSD.

Massimiliano Stucchi, Technical Advisor at The Internet Society, IPv6 enthusiast, frequent lecturer on network security and IPv6 matters.

Tom Smyth, CTO wireless Connect Ltd, Maintainer of the NSH network Shell for OpenBSD.

The EU has been transformative for many of its member states.
The EU has a reputation for lots of documentation, directives rules and regulations. But why are these in place? How are these policies formed, who starts them who edits them who approves them? How do and why should interested parties interact with these initiatives from these authorities?

How is all this relevant to BSD users? be them commercial and non commercial, How is this relevant to BSD developers both professional and vocational? What are the effects on the BSD foundations that co-ordinate the activities of the development community? Finally how all this affects the downstream commercial (beneficiaries) that utilise the genius of BSD code and its associated permissive license in their products / services?

My humble experience is that the EU are open to feedback from even the Smallest of Enterprises. And that constructive engagement with the Folks in Brussels can yield positive results for the citizens and communities such as the BSD Community. As a community we need to have a seat at the table to shape and influence policies that affect the Internet and the Open Source Community so that freedom of thought freedom of expression and freedom of communication can continue to flourish.