NPF is a BSD-licensed stateful packet filter, a central piece of software for firewalling.[1]
NPF is designed for high performance on SMP systems and for easy extensibility.
It supports various forms of Network Address Translation (NAT), stateful packet inspection, tree and hash tables for IP sets, bytecode (BPF or n-code) for custom filter rules and other features.
NPF has an extension framework for supporting custom modules.
Features such as packet logging, traffic normalization, and random blocking are provided as NPF extensions.