nfnl_osf

nfnl_osf -f fingerprints [ -d ]

The nfnl_osf utility allows to load a set of operating system signatures into the kernel for later matching against using iptables' osf match.

-f fingerprints

Read signatures from file fingerprints.

-d

Instead of adding the signatures from fingerprints into the kernel, remove them.

Exit status is 0 if command succeeded, otherwise a negative return code indicates the type of error which happened:

-1

Illegal arguments passed, fingerprints file not readable or failure in netlink communication.

-ENOENT

Fingerprints file not specified.

-EINVAL

Netlink handle initialization failed or fingerprints file format invalid.

An up to date set of operating system signatures can be downloaded from http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os .

The description of osf match in iptables-extensions(8) contains further information about the topic as well as example nfnl_osf invocations.