Speakers
Description
The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.
Understanding the networking toolset is essential to building and maintaining a functional envirionment. The present session will teach the principles and hands-on operation of the extensive network tools available on OpenBSD and sister operating systems. Basic to intermediate understanding of TCP/IP networking is expected and required for this session.
Topics covered include
The basics of and network design and taking it a bit further
Building rulesets best pracitces, avoiding common pitfalls in firewall rule construction.
Keeping your configurations readable and maintainable
Filtering, diversion, redirection, Network Address Translation
Handling services that require proxying (ftp-proxy and others)
Address tables and daemons that interact with your setup through them
The whys and hows of network segmentation, DMZs and other separation techniques
Tackling noisy attacks and other pattern recognition and learning tricks
Annoying spammers with spamd
Basics of and not-so basic traffic shaping
Monitoring your traffic
Redundancy of PF firewalls using PF sync + CARP + Ifstatd
Troubleshooting: Discovering and correcting errors and faults
Your network and its interactions with the Internet at large
Common mistakes in internetworking and peering
Keeping the old IPv4 world in touch with the new of IPv6
Using PF and OpenBGPd together to implement an automated, distributed implementation of PF policies
Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the sister BSD operating systems.
Participants should bring a laptop, the format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.
This session is an evolutionary successor to previous sessions. Slides for previous PF tutorial sessions are up at https://home.nuug.no/~peter/pftutorial/, to be updated with the present version when the session opens.
Speakers:
Peter N. M. Hansteen, Senior Technical Specialist at Tietoevry. Author of The Book of PF (https://nostach.com/pf3), occasional blogger (https://bsdly.blogspot.com) and lecturer on IT security with a strong preference for OpenBSD.
Massimiliano Stucchi, Technical Advisor at The Internet Society, IPv6 enthusiast, frequent lecturer on network security and IPv6 matters.
Tom Smyth CTO Wireless Connect Ltd. ISP Network operator and security consultant.
