OS fingerprint loader utility
-8 nfnl_osf -ffingerprints [ -d ]
The nfnl_osf utility allows to load a set of operating system signatures into the kernel for later matching against using iptables' osf match.
-ffingerprints Read signatures from file fingerprints.
-d Instead of adding the signatures from fingerprints into the kernel, remove them.
Exit status is 0 if command succeeded, otherwise a negative return code indicates the type of error which happened:
-1 Illegal arguments passed, fingerprints file not readable or failure in netlink communication.
-ENOENT Fingerprints file not specified.
-EINVAL Netlink handle initialization failed or fingerprints file format invalid.
An up to date set of operating system signatures can be downloaded from http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os .
The description of osf match in iptables-extensions(8) contains further information about the topic as well as example nfnl_osf invocations.