OpenBSD PF Filtering traffic by Operating System

I was reading through the PF manual, and came across a section on filtering traffic with Passive Operating System Fingerprinting. PF contains dozens of Operating System fingerprints. The full list of fingerprints can be printed with the pfctl utility: Or with one of the available UNIX pagers: Using the fingerprints listed here, we can filter inbound connections by IP address, TCP/UDP ports, and Operating System: This example will allow OpenBSD systems with an IP address in the 192.168.1.0/24 network to ssh to any machine on our network. This has some interesting uses.