nfnl_osf -f fingerprints [ -d ]
The nfnl_osf utility allows to load a set of operating system signatures into the kernel for later matching against using iptables' osf match.
- -f fingerprints
Read signatures from file fingerprints.
Instead of adding the signatures from fingerprints into the kernel, remove them.
Exit status is 0 if command succeeded, otherwise a negative return code indicates the type of error which happened:
Illegal arguments passed, fingerprints file not readable or failure in netlink communication.
Fingerprints file not specified.
Netlink handle initialization failed or fingerprints file format invalid.
An up to date set of operating system signatures can be downloaded from http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os .
The description of osf match in iptables-extensions(8) contains further information about the topic as well as example nfnl_osf invocations.