AUTHPF(8) - System Manager’s Manual # AUTHPF(8) - System Manager’s Manual
NAME # authpf, authpf-noip - authenticating gateway user shell
SYNOPSIS # authpf
authpf-noip
DESCRIPTION # authpf is a user shell for authenticating gateways. It is used to change pf(4) rules when a user authenticates and starts a session with sshd(8) and to undo these changes when the user’s session exits. Typical use would be for a gateway that authenticates users before allowing them Internet use, or a gateway that allows different users into different places.
...
BPE(4) - Device Drivers Manual # BPE(4) - Device Drivers Manual
NAME # bpe - Backbone Provider Edge pseudo-device
SYNOPSIS # pseudo-device bpe
DESCRIPTION # The bpe driver creates IEEE 802.1Q Provider Backbone Bridge (PBB) networks by acting as a Backbone Edge Bridge (BEB). PBB, also known as mac-in-mac, was originally specified in IEEE 802.1ah-2008 and became part of IEEE 802.1Q-2011.
A Provider Backbone Bridge Network (PBBN) consists of BEBs interconnected by Backbone Core Bridges (BCBs) to form an Ethernet network for the transport of encapsulated Ethernet packets.
...
DIVERT(4) - Device Drivers Manual # DIVERT(4) - Device Drivers Manual
NAME # divert - kernel packet diversion mechanism
SYNOPSIS # #include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
int
socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
int
socket(AF_INET6, SOCK_RAW, IPPROTO_DIVERT);
DESCRIPTION # Divert sockets are part of a mechanism completely integrated with pf(4) that queues raw packets from the kernel stack to userspace applications, and vice versa.
A divert socket must be bound to a divert port through bind(2), which only the superuser can do.
...
ENC(4) - Device Drivers Manual # ENC(4) - Device Drivers Manual
NAME # enc - encapsulating interface
SYNOPSIS # pseudo-device enc
DESCRIPTION # The enc interface is a virtual interface for ipsec(4) traffic. It allows packet filtering using pf(4); prior to encapsulation and after decapsulation, packets may be monitored using tcpdump(8).
An enc interface can be created at runtime using the ifconfig enc‌N create command or by setting up a hostname.
...
FTP-PROXY(8) - System Manager’s Manual # FTP-PROXY(8) - System Manager’s Manual
NAME # ftp-proxy - Internet File Transfer Protocol proxy daemon
SYNOPSIS # ftp-proxy [-6Adrv] [-a sourceaddr] [-b address] [-D level] [-m maxsessions] [-P port] [-p port] [-q queue] [-R address] [-T tag] [-t timeout]
DESCRIPTION # ftp-proxy is a proxy for the Internet File Transfer Protocol. FTP control connections should be redirected into the proxy using the pf(4) divert-to command, after which the proxy connects to the server on behalf of the client.
...
IKED.CONF(5) - File Formats Manual # IKED.CONF(5) - File Formats Manual
NAME # iked.conf - IKEv2 configuration file
DESCRIPTION # iked.conf is the configuration file for iked(8), the Internet Key Exchange version 2 (IKEv2) daemon for IPsec. IPsec itself is a pair of protocols: Encapsulating Security Payload (ESP), which provides integrity and confidentiality; and Authentication Header (AH), which provides integrity. The IPsec protocol itself is described in ipsec(4).
In its most basic form, a flow is established between hosts and/or networks, and then Security Associations (SA) are established, which detail how the desired protection will be achieved.
...
IPSEC.CONF(5) - File Formats Manual # IPSEC.CONF(5) - File Formats Manual
NAME # ipsec.conf - IPsec configuration file
DESCRIPTION # The ipsec.conf file specifies rules and definitions for IPsec, which provides security services for IP datagrams. IPsec itself is a pair of protocols: Encapsulating Security Payload (ESP), which provides integrity and confidentiality; and Authentication Header (AH), which provides integrity. The IPsec protocol itself is described in ipsec(4).
In its most basic form, a flow is established between hosts and/or networks, and then Security Associations (SAs) are established, which detail how the desired protection will be achieved.
...
PF.OS(5) - File Formats Manual # PF.OS(5) - File Formats Manual
NAME # pf.os - format of the operating system fingerprints file
DESCRIPTION # The pf(4) firewall and the tcpdump(8) program can both fingerprint the operating system of hosts that originate an IPv4 TCP connection. The file consists of newline-separated records, one per fingerprint, containing nine colon (’:’) separated fields. These fields are as follows:
window
The TCP window size.
...
PF(4) - Device Drivers Manual # PF(4) - Device Drivers Manual
NAME # pf - packet filter
SYNOPSIS # pseudo-device pf
DESCRIPTION # Packet filtering takes place in the kernel. A pseudo-device, /dev/pf, allows userland processes to control the behavior of the packet filter through an ioctl(2) interface. There are commands to enable and disable the filter, load rulesets, add and remove individual rules or state table entries, and retrieve statistics.
...
PFCTL(8) - System Manager’s Manual # PFCTL(8) - System Manager’s Manual
NAME # pfctl - control the packet filter (PF) device
SYNOPSIS # pfctl [-deghNnPqrvz] [-a anchor] [-D macro=value] [-F modifier] [-f file] [-i interface] [-K key] [-k key] [-L statefile] [-o level] [-p device] [-S statefile] [-s modifier [-R id]] [-t table -T command [address …]] [-V rdomain] [-x level]
DESCRIPTION # The pfctl utility communicates with the packet filter device using the ioctl interface described in pf(4).
...