VPF Firewall

VPF is a stateful packet filter and NAT plugin for VPP created by Netgate. It supports filtering and NAT together in a single plugin, similar to how PF works on other platforms such as pfSense® software. VPF handles packet filtering and NAT tasks in a more robust and flexible manner than the VPP ACL and VPP NAT functionality included in VPP, which do not interoperate well with each other and have a history of instability.

Warning

VPF is intended to replace the VPP ACL and VPP NAT functionality in the dataplane. VPF is not intended to work together with those features.

• VPF Tables
• VPF Filtering
• VPF Network Address Translation
• VPF High Availability
• VPF Options
• VPF Monitoring
• Converting from Dataplane NAT to VPF NAT