npf(7) - NetBSD Manual Pages

NPF(7)              NetBSD Miscellaneous Information Manual             NPF(7)


NAME

     NPF -- NetBSD packet filter


DESCRIPTION

     NPF is a layer 3 packet filter, supporting IPv4 and IPv6 as well as layer
     4 protocols such as TCP, UDP, and ICMP.  It was designed with a focus on
     high performance, scalability, and modularity.


FEATURES

     NPF offers the traditional set of features provided by packet filters.
     Some key features are:

           ·   Stateful inspection (connection tracking).

           ·   Network address translation (NAT).  This includes static
               (stateless) and dynamic (stateful) translation, port transla-
               tion, bi-directional NAT, etc.

           ·   IPv6-to-IPv6 network prefix translation (NPTv6).

           ·   Tables for efficient IP sets.

           ·   Application Level Gateways (e.g., to support traceroute).

           ·   Use of BPF with just-in-time (JIT) compilation.

           ·   Rule procedures and a framework for NPF extensions.

           ·   Traffic normalisation (extension).

           ·   Packet logging (extension).

     For a full set of features and their description, see the NPF documenta-
     tion website and other manual pages.


SEE ALSO

     libnpf(3), bpf(4), bpfjit(4), npf.conf(5), npf-params(7), pcap-filter(7),
     npfctl(8), npfd(8)

     NPF project page:
           https://github.com/rmind/npf/

     NPF documentation website:
           http://rmind.github.io/npf/


HISTORY

     NPF was written from scratch in 2009 and is distributed under the
     2-clause BSD license.  It first appeared in NetBSD 6.0.


AUTHORS

     NPF was designed and implemented by Mindaugas Rasiukevicius.

NetBSD 9.3                      August 11, 2019                     NetBSD 9.3