Tom Smyth
Tom is a Network Engineer for an SME ISP and SME MSPs.
Tom Regularly uses OpenBSD network appliances in varying roles in his ISP, from BGP Routers running full Internet tables, PF Synced Firewall clusters, and other critical network functions such as DNS using NSD and unbound all running on Top of OpenBSD.
Tom Also represents SME ISPs and Internet Stakeholders on Issues relating to Internet access and ISP regulations in the EU
Session
The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the OpenBSD and FreeBSD operating systems.
Understanding the PF subsystem and the set of networking tools that interact with it is essential to building and maintaining a functional environment.
The present session will both teach networking and security principles and provide opportunity for hands-on operation of the extensive network tools available on OpenBSD and FreeBSD in a lab environment.
Basic to intermediate understanding of TCP/IP networking is expected and required for this session.
Topics covered include
The basics of and network design and taking it a bit further
Building rulesets
Keeping your configurations readable and maintainable
Seeing what your traffic is really about with your friend tcpdump(8)
Filtering, diversion, redirection, Network Address Translation
Handling services that require proxying (ftp-proxy and others)
Address tables and daemons that interact with your setup through them
The whys and hows of network segmentation, DMZs and other separation techniques
Tackling noisy attacks and other pattern recognition and learning tricks
Annoying spammers with spamd
Basics of and not-so basic traffic shaping
Monitoring your traffic
Resilience, High Availability with CARP and pfsync
Troubleshooting: Discovering and correcting errors and faults (tcpdump is your friend)
Your network and its interactions with the Internet at large
Common mistakes in internetworking and peering
Keeping the old IPv4 world in touch with the new of IPv6
The tutorial is lab centered and fast paced. Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the OpenBSD and FreeBSD operating systems.
Participants should bring a laptop for the hands on labs part and for note taking. The format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.
This session is an evolutionary successor to previous sessions. Slides for the most recent version of the PF tutorial session are up at https://nxdomain.no/~peter/pf_fullday.pdf, to be updated with the present version when the session opens.