EuroBSDCon 2025

Tom Smyth

Tom is a Network Engineer for an SME ISP and SME MSPs.
Tom Regularly uses OpenBSD network appliances in varying roles in his ISP, from BGP Routers running full Internet tables, PF Synced Firewall clusters, and other critical network functions such as DNS using NSD and unbound all running on Top of OpenBSD.
Tom Also represents SME ISPs and Internet Stakeholders on Issues relating to Internet access and ISP regulations in the EU


Session

09-25
10:30
420min
Network Management with the OpenBSD Packet Filter Toolset
Peter N. M. Hansteen, Tom Smyth

The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the OpenBSD and FreeBSD operating systems.

Understanding the PF subsystem and the set of networking tools that interact with it is essential to building and maintaining a functional environment.

The present session will both teach networking and security principles and provide opportunity for hands-on operation of the extensive network tools available on OpenBSD and FreeBSD in a lab environment.

Basic to intermediate understanding of TCP/IP networking is expected and required for this session.

Topics covered include

The basics of and network design and taking it a bit further

Building rulesets

Keeping your configurations readable and maintainable

Seeing what your traffic is really about with your friend tcpdump(8)

Filtering, diversion, redirection, Network Address Translation

Handling services that require proxying (ftp-proxy and others)

Address tables and daemons that interact with your setup through them

The whys and hows of network segmentation, DMZs and other separation techniques

Tackling noisy attacks and other pattern recognition and learning tricks

Annoying spammers with spamd

Basics of and not-so basic traffic shaping

Monitoring your traffic

Resilience, High Availability with CARP and pfsync

Troubleshooting: Discovering and correcting errors and faults (tcpdump is your friend)

Your network and its interactions with the Internet at large

Common mistakes in internetworking and peering

Keeping the old IPv4 world in touch with the new of IPv6

The tutorial is lab centered and fast paced. Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the OpenBSD and FreeBSD operating systems.

Participants should bring a laptop for the hands on labs part and for note taking. The format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.

This session is an evolutionary successor to previous sessions. Slides for the most recent version of the PF tutorial session are up at https://nxdomain.no/~peter/pf_fullday.pdf, to be updated with the present version when the session opens.

Tutorials
A201