1*bb75b0d5SLexi Winter/* 2*bb75b0d5SLexi Winter * SPDX-License-Identifier: ISC 3*bb75b0d5SLexi Winter * 4*bb75b0d5SLexi Winter * Copyright (c) 2025 Lexi Winter <ivy@FreeBSD.org> 5*bb75b0d5SLexi Winter * 6*bb75b0d5SLexi Winter * Permission to use, copy, modify, and distribute this software for any 7*bb75b0d5SLexi Winter * purpose with or without fee is hereby granted, provided that the above 8*bb75b0d5SLexi Winter * copyright notice and this permission notice appear in all copies. 9*bb75b0d5SLexi Winter * 10*bb75b0d5SLexi Winter * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11*bb75b0d5SLexi Winter * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12*bb75b0d5SLexi Winter * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13*bb75b0d5SLexi Winter * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14*bb75b0d5SLexi Winter * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15*bb75b0d5SLexi Winter * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16*bb75b0d5SLexi Winter * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17*bb75b0d5SLexi Winter */ 18*bb75b0d5SLexi Winter 19*bb75b0d5SLexi Wintercomment = "OpenBSD packet filter" 20*bb75b0d5SLexi Winter 21*bb75b0d5SLexi Winterdesc = <<EOD 22*bb75b0d5SLexi Winterpf is an advanced stateful packet filter developed by the OpenBSD project. 23*bb75b0d5SLexi WinterIn addition to basic packet filtering, pf supports connection redirection, 24*bb75b0d5SLexi WinterNetwork Address Translation (NAT), traffic normalisation, synchronisation 25*bb75b0d5SLexi Winterof filter state between hosts (for redundant failover), and queueing via 26*bb75b0d5SLexi Winteraltq(9) or dummynet(4). This version of pf also supports basic layer 2 27*bb75b0d5SLexi WinterEthernet filtering. 28*bb75b0d5SLexi Winter 29*bb75b0d5SLexi WinterThis package provides the pfctl(8) configuration utility used to monitor and 30*bb75b0d5SLexi Winterchange the pf configuration, as well as rc(8) scripts to configure pf during 31*bb75b0d5SLexi Wintersystem startup, and a periodic(8) script to report connections denied by pf. 32*bb75b0d5SLexi Winter 33*bb75b0d5SLexi WinterSeveral example pf rulesets are also provided in /usr/share/examples/pf. 34*bb75b0d5SLexi WinterEOD 35