NAME
NPF — NetBSD packet filter
DESCRIPTION
NPF is a layer 3 packet filter, supporting IPv4 and IPv6 as well as layer 4
protocols such as TCP, UDP, and ICMP. It was designed with a focus on high
performance, scalability, and modularity.
FEATURES
NPF offers the traditional set of features provided by packet filters. Some
key features are:
- Stateful inspection (connection tracking).
- Network address translation (NAT). This includes static (stateless) and dynamic (stateful) translation, port translation, bi-directional NAT, etc.
- IPv6-to-IPv6 network prefix translation (NPTv6).
- Tables for efficient IP sets.
- Application Level Gateways (e.g., to support traceroute).
- Use of BPF with just-in-time (JIT) compilation.
- Rule procedures and a framework for NPF extensions.
- Traffic normalisation (extension).
- Packet logging (extension).
For a full set of features and their description, see the NPF documentation
website and other manual pages.
SEE ALSO
libnpf(3), bpf(4), bpfjit(4), npf.conf(5), npf-params(7), pcap-filter(7), npfctl(8), npfd(8)
HISTORY
NPF was written from scratch in 2009 and is distributed under the 2-clause
BSD license. It first appeared in NetBSD 6.0.
AUTHORS
NPF was designed and implemented by Mindaugas Rasiukevicius.