Manual browser: npf(7)

Section:
Page:
NPF(7) Miscellaneous Information Manual NPF(7)

NAME

NPFNetBSD packet filter

DESCRIPTION

NPF is a layer 3 packet filter, supporting IPv4 and IPv6 as well as layer 4 protocols such as TCP, UDP, and ICMP. It was designed with a focus on high performance, scalability, and modularity.

NPF was written from scratch in 2009 and is distributed under the 2-clause BSD license.

FEATURES

NPF offers the traditional set of features provided by packet filters. Some key features are:
  • Stateful inspection (connection tracking).
  • Network address translation (NAT). This includes static (stateless) and dynamic (stateful) translation, port translation, bi-directional NAT, etc.
  • IPv6-to-IPv6 network prefix translation (NPTv6).
  • Tables for efficient IP sets.
  • Application Level Gateways (e.g., to support traceroute).
  • NPF uses BPF with just-in-time (JIT) compilation.
  • Rule procedures and a framework for NPF extensions.
  • Traffic normalization (extension).
  • Packet logging (extension).

For a full set features and their description, see the NPF documentation and other manual pages.

SEE ALSO

libnpf(3), bpf(4), bpfjit(4), npf.conf(5), pcap-filter(7), npfctl(8)

NPF documentation

HISTORY

NPF first appeared in NetBSD 6.0.

AUTHORS

NPF was designed and implemented by Mindaugas Rasiukevicius.
August 2, 2014 NetBSD 7.0
Back to the section
Back to the homepage