Packet filter? Firewall?

By now I have already used some terms and concepts before bothering to explain them, and I'll correct that oversight shortly. PF is a packet filter, that is, code which inspects network packets at the protocol and port level and decides what to do with them. In PF's case this code for the most part operates in kernel space, inside the network code.

PF operates in a world which consists of packets, protocols, connections and ports.

Based on where a packet is coming from or where it's going, and which protocol, connection or port it belongs to, PF is able to determine where to direct the packet, or decide whether it is to be let through at all.

It's equally possible to direct network traffic based on packet contents, usually referred to as application level filtering, but this is not the kind of thing PF does. We will come back later to some cases where PF hands off these kinds of tasks to other software, but first let us deal with some basics.
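To make the distinction concrete, here is an added example ruleset (not taken from the original text) in PF's configuration language, with every decision made on address, protocol and port alone. The interface name em0, the local network 192.0.2.0/24 and the web server address 192.0.2.10 are assumed for illustration.

```conf
# Added example, not part of the original text. Names and addresses are assumed.
ext_if = "em0"
localnet = "192.0.2.0/24"
webserver = "192.0.2.10"

# PF evaluates rules in order and the last matching rule wins, so the
# default stance goes first: drop and log everything, then carve out
# exceptions with pass rules below.
block log all

# Hosts on the local network may initiate connections to anywhere.
# PF keeps state for the connection, so the replies are let back in.
pass out on $ext_if from $localnet to any

# From the outside, only TCP to the web server on ports 80 and 443 is let in.
pass in on $ext_if proto tcp from any to $webserver port { 80 443 }

# Note what is NOT here: no rule looks inside the payload. A request to
# port 80 passes whatever it carries; inspecting content is application
# level filtering, which is left to a proxy or other software, not to PF.
```

Before loading a ruleset, `pfctl -nf /etc/pf.conf` parses it without activating it, so a syntax error is caught before it takes effect.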

We've already mentioned the firewall concept. One important feature of PF and similar software, perhaps the most important feature, is that it is able to identify and block traffic which you do not want to let into your local network or let out to the world outside. It is this blocking function that, at some point, earned the term "firewall".

While blocking "bad" traffic and denying access can be quite important, I tend to emphasize the somewhat wider and more general perspective that the packet filter is a very flexible tool which is extremely useful when you want to take control of what happens in your network.

Taking control means you get to make informed decisions, and that, in my opinion, is when the fun part of being a network administrator starts. And be forewarned: staying in control is a recurring theme in this session.