npf(7) - NetBSD Manual Pages

Command: Section: Arch: Collection:  
NPF(7)              NetBSD Miscellaneous Information Manual             NPF(7)


NAME
NPF -- NetBSD packet filter
DESCRIPTION
NPF is a layer 3 packet filter, supporting IPv4 and IPv6 as well as layer 4 protocols such as TCP, UDP, and ICMP. It was designed with a focus on high performance, scalability, and modularity. NPF was written from scratch in 2009 and is distributed under the 2-clause BSD license.
FEATURES
NPF offers the traditional set of features provided by packet filters. Some key features are: · Stateful inspection (connection tracking). · Network address translation (NAT). This includes static (stateless) and dynamic (stateful) translation, port transla- tion, bi-directional NAT, etc. · IPv6-to-IPv6 network prefix translation (NPTv6). · Tables for efficient IP sets. · Application Level Gateways (e.g., to support traceroute). · NPF uses BPF with just-in-time (JIT) compilation. · Rule procedures and a framework for NPF extensions. · Traffic normalization (extension). · Packet logging (extension). For a full set of features and their description, see the NPF documenta- tion and other manual pages.
SEE ALSO
libnpf(3), bpf(4), bpfjit(4), npf.conf(5), pcap-filter(7), npfctl(8) NPF documentation: http://www.netbsd.org/~rmind/npf/
HISTORY
NPF first appeared in NetBSD 6.0.
AUTHORS
NPF was designed and implemented by Mindaugas Rasiukevicius. NetBSD 7.0 July 13, 2015 NetBSD 7.0
Powered by man-cgi (2024-03-20). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.