PF Packet Filter: Dynamic Stateful Firewall Explained | Althox

Por Equipo de Althox lfsg13 -

The digital landscape of the 21st century demands robust security measures to protect networks from an ever-evolving array of threats. At the heart of this defense often lies a firewall, a critical component that governs network traffic. Among the most respected and technically sophisticated firewalls is Packet Filter (PF), a dynamic, configuration-based firewall originally developed for OpenBSD. Its design emphasizes security, flexibility, and performance, making it a cornerstone for system administrators and network engineers.

PF stands out due to its stateful rule processing, meaning it tracks the state of network connections to make intelligent decisions about packet flow. This capability allows for highly granular control over incoming and outgoing traffic, significantly enhancing network resilience. Beyond basic packet filtering, PF integrates advanced features such as Network Address Translation (NAT) and Quality of Service (QoS), providing a comprehensive solution for diverse networking needs.

PF Packet Filter: Dynamic Stateful Firewall Explained

The official logo for OpenBSD's Packet Filter (PF), symbolizing its core function in network traffic management.

This article delves into the intricacies of PF, exploring its origins, architectural principles, key functionalities, and practical applications. We will examine why it became the preferred choice for OpenBSD and how its capabilities extend across other BSD operating systems. Understanding PF is essential for anyone seeking to implement a secure and efficient network infrastructure.

Table of Contents

Origins and OpenBSD's Philosophy

The inception of Packet Filter (PF) is deeply intertwined with the stringent licensing philosophy of the OpenBSD project. Prior to PF, OpenBSD utilized IPFilter, a packet filter developed by Darren Reed. However, a significant licensing dispute arose, which ultimately led to the development of PF as a replacement.

Theo de Raadt, the founder of OpenBSD, famously articulated the project's stance on free software and licensing. He stated that "the software that OpenBSD uses and shares should be free for all (both users and companies), for any purpose you want to be given, including modification, use, peeing on it or even join babies in crushing machines or atomic bombs to throw in Australia." This strong emphasis on unrestricted freedom and modification clashed with the terms of the IPFilter license, which required specific permissions for code changes.

The OpenBSD team, rather than engaging in prolonged negotiations over licensing, decided to develop their own packet filter from scratch. This decision underscored OpenBSD's commitment to self-reliance and adherence to its core principles regarding software freedom. Daniel Hartmeier was the primary developer behind the initial versions of PF, which quickly evolved to surpass its predecessor in functionality and clarity.

Since its introduction in OpenBSD 3.0, PF has been continuously refined and expanded by the OpenBSD team. By OpenBSD 3.8, it had already established a significant advantage over other firewall options available at the time, demonstrating the success of the project's independent development approach. This historical context is crucial for understanding the design choices and inherent security focus embedded within PF.

Core Features of PF

PF is far more than a simple packet blocker; it is a comprehensive network traffic management system. Its rich feature set allows for intricate control and optimization of network communications. These capabilities make it suitable for a wide range of applications, from securing individual hosts to managing complex enterprise networks.

  • Stateful Packet Filtering: This is PF's foundational strength. It maintains a state table for active connections, allowing subsequent packets of an established connection to pass automatically without re-evaluating all rules. This significantly improves performance and simplifies rule sets.
  • Network Address Translation (NAT): PF provides robust NAT capabilities, including both source NAT (SNAT), commonly used for sharing a single public IP address among multiple internal devices, and destination NAT (DNAT), used for port forwarding and redirecting incoming connections.
  • Quality of Service (QoS): Integrated seamlessly, QoS in PF allows administrators to prioritize certain types of traffic. This is crucial for applications sensitive to latency, such as VoIP or video conferencing, ensuring they receive preferential bandwidth. PF achieves this through integration with Alternative Queueing (ALTQ) or more modern mechanisms.
  • Traffic Normalization and Conditioning: PF can normalize incoming packets, ensuring they conform to standard specifications. This helps prevent certain types of attacks that exploit malformed packets and ensures consistent traffic handling.
  • Redundancy and High Availability: For critical environments, PF supports features like pfsync and CARP (Common Address Redundancy Protocol). Pfsync synchronizes the state table between multiple firewalls, ensuring that if one fails, another can seamlessly take over without dropping active connections. CARP allows multiple hosts to share a common IP address, providing failover capabilities.
  • Authentication (authpf): This feature allows users to authenticate against the firewall, granting them temporary access to specific network resources based on their credentials. It's particularly useful for remote access scenarios.
  • FTP Proxy: PF includes an FTP proxy, which is essential for securely handling FTP traffic. FTP is a complex protocol that uses multiple connections, and the proxy ensures that the firewall correctly tracks and manages these connections.

These features, combined with a clear and concise configuration syntax, make PF a powerful tool for network defense and management. Its continuous development ensures it remains relevant in the face of evolving network challenges.

PF Packet Filter: Dynamic Stateful Firewall Explained

A visual representation of a stateful firewall dynamically processing network packets.

Configuring PF: The pf.conf File

The heart of PF configuration lies within the `/etc/pf.conf` file. This plain-text file contains all the rules and directives that dictate how PF behaves. Its syntax is designed to be clear and logical, making it relatively easy to understand once the basic principles are grasped. The file is processed sequentially, and rules are evaluated from top to bottom.

A typical `pf.conf` file is structured into several sections, often beginning with macros, followed by global options, and then the actual filtering and NAT rules. Comments, denoted by a hash symbol (`#`), are extensively used to explain the purpose of each rule or section, which is crucial for maintainability.

Macros

Macros are variables that store values, such as interface names or IP addresses, making the rule set more readable and easier to manage. For instance, defining `int_if = "xl0"` allows `xl0` to be referenced simply as `$int_if` throughout the configuration.

Options

The options section sets global behaviors for PF. A common option is `block-policy return`, which specifies that blocked packets should generate an RST (for TCP) or ICMP (for UDP/ICMP) response, rather than simply dropping them silently. Another essential option is `skip on lo0`, which tells PF to ignore the loopback interface, as traffic on it typically doesn't need filtering.

Rerouting Rules (NAT)

NAT rules define how network addresses are translated. A common scenario is to allow internal networks to access the internet using a single public IP address. The `nat on egress from $int_if:network to any -> (egress)` rule is a classic example, translating source addresses of packets from the internal network (`$int_if:network`) as they exit the external interface (`egress`).

Filter Rules

These are the core of the firewall, determining which packets are allowed or denied. PF typically starts with a default deny rule, such as `block log all`, which logs and blocks all traffic by default. Subsequent `pass` rules then explicitly allow desired traffic. The `quick` keyword ensures that once a rule matches a packet, no further rules are evaluated for that packet, optimizing performance. The `keep state` option, often implicit with `pass` rules, enables stateful inspection, allowing return traffic for established connections.

Common PF Configuration Directives
Directive Description Example
macro = "value" Defines a variable for readability. ext_if = "em0"
set option value Sets a global PF option. set block-policy return
nat on interface from source to destination -> (interface) Source Network Address Translation. nat on $ext_if from $int_net to any -> ($ext_if)
rdr on interface proto {tcp, udp} from any to (interface) port port -> ip port Destination Network Address Translation (port forwarding). rdr on $ext_if proto tcp from any to any port 80 -> 192.168.1.100 port 80
block [log] [quick] all Blocks traffic, optionally logging it. block log all
pass [log] [quick] on interface proto {tcp, udp} from source to destination port port [keep state] Allows traffic, optionally logging and keeping state. pass in on $ext_if proto tcp to ($ext_if) port 22 keep state

The flexibility of `pf.conf` allows for highly customized and secure firewall policies. However, careful planning and testing are essential to avoid inadvertently blocking legitimate traffic or creating security vulnerabilities.

PF Commands and Utilities

Managing PF involves a set of command-line utilities, primarily `pfctl`, which is used to load rules, enable/disable the firewall, and inspect its state. These tools provide administrators with granular control over the firewall's operation and facilitate troubleshooting.

  • `pfctl -e` (Enable PF): This command enables the Packet Filter, allowing it to start processing network traffic according to its loaded rules. It is typically run during system boot.
  • `pfctl -d` (Disable PF): Disables the Packet Filter, effectively allowing all traffic to pass without filtering. This should be used with extreme caution, especially on publicly accessible machines.
  • `pfctl -f /etc/pf.conf` (Load Rules): This is the most frequently used command. It loads the rules from the specified configuration file (`pf.conf`). Before loading, `pfctl` performs a syntax check, and if no errors are found, the new rules are applied.
  • `pfctl -nf /etc/pf.conf` (Syntax Check): Performs a dry run of the configuration file, checking for syntax errors without actually loading the rules. This is invaluable for testing changes before deployment.
  • `pfctl -sr` (Show Rules): Displays the currently loaded filter rules.
  • `pfctl -ss` (Show States): Shows the current state table, listing active connections that PF is tracking. This is crucial for debugging connectivity issues.
  • `pfctl -sa` (Show All): Provides a comprehensive overview of PF's current status, including rules, states, tables, and counters.
  • `pfctl -t table_name -T add ip_address` (Table Management): PF supports tables for grouping IP addresses or networks, which can be dynamically updated. This command adds an IP address to a specified table.

The `pfctl` utility is a powerful tool that allows administrators to manage PF effectively, ensuring that network security policies are correctly applied and maintained.

Logging and Analysis with PF

Effective monitoring and analysis of firewall activity are crucial for identifying security incidents, troubleshooting network issues, and ensuring compliance. PF provides robust logging capabilities that integrate well with standard network analysis tools.

PF Packet Filter: Dynamic Stateful Firewall Explained

A detailed view of pf.conf syntax on a terminal, highlighting the technical nature of firewall configuration.

PF logging is configured directly within the `pf.conf` rules using the `log` keyword. For example, `block log all` will log all blocked packets. These logs are not written directly to a file but are made available through a special network pseudo-device called `pflog`.

To access and analyze these logs, several utilities can be employed:

  • `tcpdump`: This ubiquitous network packet analyzer can directly read from the `pflog` interface. For example, `tcpdump -i pflog0` will display real-time PF logs. The logs are in a binary `tcpdump/pcap` format, which has been slightly modified by OpenBSD to include additional PF-specific statistics, such as the rule number that triggered the log, the interface used, and state information.
  • `pflogd`: This daemon is specifically designed to capture PF logs from `pflog0` and write them to a binary log file, typically `/var/log/pflog`. This allows for persistent storage of logs, which can then be analyzed offline.
  • `Wireshark` (formerly Ethereal): This popular graphical network protocol analyzer can open and interpret `tcpdump/pcap` files, including those generated by PF. Its advanced filtering and visualization capabilities make it an excellent tool for in-depth analysis of firewall activity.

The use of a standardized `pcap` format, albeit with minor extensions, ensures compatibility with a wide range of existing network analysis tools. This facilitates detailed forensic analysis and performance monitoring, allowing administrators to gain deep insights into network traffic patterns and potential security threats.

Portability and Adoption Across BSD

While PF originated and is most tightly integrated with OpenBSD, its robust design and clear licensing have led to its adoption and porting to other BSD-derived operating systems. This widespread availability underscores its reputation as a high-quality firewall solution.

Key instances of PF's portability include:

  • NetBSD: PF was ported to NetBSD 3.0 by Itojun (Jun-ichiro Hagino), further expanding its reach within the BSD ecosystem. This port brought PF's advanced capabilities to NetBSD users, who value its stability and comprehensive feature set.
  • FreeBSD: PF has been included in the default configuration of FreeBSD since version 5.3. This integration made PF a readily available and popular choice for FreeBSD users, offering a powerful alternative to other firewall solutions like IPFW.
  • DragonFlyBSD: PF also made its appearance in DragonFlyBSD starting from version 1.2. DragonFlyBSD, a fork of FreeBSD, benefits from PF's robust security features, aligning with its goals of providing a highly scalable and reliable operating system.

This cross-platform adoption within the BSD family highlights PF's architectural elegance and its ability to adapt to different kernel environments. Each port typically maintains the core functionality and syntax of PF, ensuring that administrators familiar with OpenBSD's implementation can easily transition to other BSD systems.

Advantages and Considerations

PF offers several compelling advantages that contribute to its popularity and effectiveness as a firewall. However, like any sophisticated tool, it also comes with certain considerations that users should be aware of.

Advantages

  • Robust Security: Developed with OpenBSD's security-first philosophy, PF is designed to be extremely secure and resilient against various network attacks. Its stateful nature and traffic normalization features are key to this.
  • Flexibility and Power: The extensive feature set, including NAT, QoS, redundancy, and authentication, provides unparalleled flexibility for complex network configurations.
  • Clear and Concise Syntax: The `pf.conf` syntax is often praised for its readability and logical structure, which simplifies rule creation and management compared to some other firewall syntaxes.
  • Performance: Thanks to its kernel-level integration and efficient state engine, PF offers excellent performance, even under heavy network loads.
  • Open Source and Well-Documented: Being open source, PF benefits from community scrutiny and continuous development. Its manual pages (`man pf`, `man pf.conf`, `man pfctl`) are highly detailed and considered authoritative documentation.

Considerations

  • Learning Curve: While the syntax is logical, mastering PF requires a solid understanding of networking concepts and firewall principles. Beginners may find the initial learning curve steep.
  • BSD Ecosystem Specificity: Although ported to other BSDs, PF is most at home in the BSD environment. Users primarily working with Linux-based systems might find `iptables` or `nftables` more native to their environment.
  • Configuration Complexity: For very simple firewall needs, PF might be overkill, and its comprehensive features could lead to overly complex configurations if not managed carefully.

Despite the learning investment, the benefits of PF in terms of security, control, and performance often outweigh the initial challenges, especially for those operating within the BSD ecosystem or requiring a highly customizable firewall solution.

Conclusion: PF, a Pillar of Network Security

Packet Filter (PF) stands as a testament to OpenBSD's unwavering commitment to security and open-source principles. Born from a licensing dispute, it rapidly evolved into one of the most powerful, flexible, and respected stateful firewalls available. Its comprehensive feature set, including advanced packet filtering, Network Address Translation, Quality of Service, and high-availability options, makes it an indispensable tool for securing and managing network traffic.

The clear and logical syntax of its configuration file, `pf.conf`, coupled with powerful command-line utilities like `pfctl` and robust logging mechanisms, empowers administrators to craft highly specific and effective security policies. Its adoption across other BSD systems like FreeBSD, NetBSD, and DragonFlyBSD further solidifies its position as a leading firewall solution in the open-source world.

While it demands a certain level of technical expertise, the investment in learning PF pays dividends in terms of network resilience, control, and peace of mind. As network threats continue to grow in sophistication, firewalls like PF remain critical components in building and maintaining secure digital infrastructures, safeguarding data and ensuring the integrity of communication.

Source: Hybrid content assisted by AIs and human editorial supervision.

Comentarios

Publicar un comentario

Entradas populares de este blog

Ábaco y Tipos de Ábacos (Marco de Contar - Calculadora Manual)

Por Equipo de Althox . -
Imagen
El Ábaco, antigua Herramienta de Cálculo Manual, aún usada en la actualidad Fuente Foto Ábumes Web Picasa Licencia:  Click Aquí Definición Ábaco también llamado marco de contar, es una herramienta de cálculo utilizado principalmente en partes de Asia para el ejercicio de procesos de aritmética. Hoy en día, ábacos se construyen a menudo como un marco de bambú con cuentas deslizantes sobre alambres, pero originalmente eran frijoles o piedras, posteriormente se trasladó en las ranuras en la arena o en unas tablitas de madera, piedra o metal. El ábaco fue durante siglos antes de la adopción del sistema escrito de numerales modernos y sigue siendo ampliamente utilizado por los comerciantes, los comerciantes y dependientes de Asia, África y otros lugares. El usuario de un ábaco se llama un abacist.  Más sobre Definición Ábaco Etimología del Ábaco El uso de la palabra ábaco data de fechas anteriores al 1387 D.C., cuando un Inglés en medio del trabajo pre...
Mostrar más »

Ábaco Cranmer: Herramienta Esencial para Invidentes | Althox

Por Equipo de Althox lfsg13 -
Imagen
El ábaco, una de las herramientas de cálculo más antiguas de la humanidad, ha evolucionado a lo largo de los siglos para adaptarse a diversas necesidades y culturas. Desde el ábaco romano hasta el soroban japonés, su función principal ha sido simplificar las operaciones aritméticas. Sin embargo, una de sus adaptaciones más significativas y humanitarias es el Ábaco Cranmer , diseñado específicamente para personas con discapacidad visual. Esta ingeniosa herramienta no solo permite a los invidentes realizar cálculos complejos con precisión, sino que también fomenta el desarrollo de habilidades matemáticas fundamentales que van más allá de la simple memorización. Su diseño único aborda los desafíos táctiles que enfrentan los usuarios, convirtiéndolo en un pilar en la educación y la vida cotidiana de millones de personas en todo el mundo. Acompáñanos a explorar la historia, el funcionamiento y el impacto duradero de este extraordinario instrumento. Tabla de Contenidos: Intro...
Mostrar más »

Alfabeto tambien conocido como Abecedario o ABC

Por Equipo de Althox . -
Imagen
Un Alfabeto,  Abecedario o ABC : Es un conjunto estandarizado de letras y símbolos escritos base o grafemas. Cada uno de los cuales aproximadamente representa un fonema en un lenguaje hablado, ya sea tal y como existe ahora o como lo fue en el pasado. Imagen Alfabeto Básico Español  "Letra cursiva" Fuente: Wikimedia Commons Imagen de Dominio Público Hay otros  Sistemas de Alfabeto , abecedario o abc, Tales como logografías, en el que cada carácter representa una palabra, morfema, una unidad semántica; y silabarios. En el que cada carácter representa una sílaba del  alfabeto , abecedario o abc . Clasificación de los Alfabetos, Abecedarios o ABC Los alfabetos, abecedarios o abc, se clasifican según la forma en que indican las vocales de la siguiente forma: Del mismo modo que las consonantes, como en el alfabeto, abecedario o abc Griego (Alfabeto verdadero)  Diacríticos o modificación de las consonantes, co...
Mostrar más »

Músculo abductor del dedo meñique del pie

Por Equipo de Althox . -
Imagen
Músculo Abductor del Dedo Meñique del Pie y su importancia en el Equilibrio Corporal Fuente Wikimedia Commons Abductor del Dedo Quinti - (Músculo abductor del dedo meñique del pie) Es un músculo que se encuentra a lo largo del borde lateral del pie, y está en relación por su borde medio con los vasos y nervios plantares laterales. El músculo Abductor del dedo meñique del pie surge ampliamente, desde el proceso lateral de la tuberosidad del calcáneo;  Inicia desde la superficie inferior del calcáneo entre los dos procesos de dicha tuberosidad, hacia la parte delantera del proceso interno del plantar aponeurosis; y se extiende al tabique intermuscular entre éste y el Flexor corto de los dedos de los pies. Extensión  - (Músculo abductor del dedo meñique del pie)   El músculo  Abductor  del dedo meñique del pie cubre por así decirlo el tendón. Después de deslizarse suavemente sobre la superficie inferior de la base de la quinto m...
Mostrar más »

Escultura de Michael Jackson, su Infancia y Adolescencia

Por Equipo de Althox . -
Imagen
Michael Jackson, Escultura del Rey del Pop Fuente Wikimedia Commons Dominio Público Los Primeros años de Michael Jackson y los Jackson 5 (1958-1975) Michael Jackson, nació el 29 de agosto de 1958, el octavo de diez hijos de una familia afroamericana de clase trabajadora, en Gary, Indiana, un suburbio industrial de Chicago. Su madre, Katherine Esther Scruse, Era una devota ferviente de los Testigos de Jehová; y su padre, Walter José "Joe" Jackson, Era un trabajador de fábrica de acero que se realiza con una banda de R&B(Rhythm and Blues) llamado The Falcons. Michael Jackson, tuvo tres hermanas: Rebbie, La Toya; y Janet Jackson; y cinco hermanos: Jackie, Tito, Jermaine, Marlon; y Randy Jackson. Un sexto hermano de Michael Jackson, llamado: Brandon, murió poco después de su nacimiento. Michael Jackson, su Infancia, Adolescencia; y su Díficil relación con su Padre Michael Jackson, tuvo una relación sumamente difícil con su padre, Joe el padre de Michael Ja...
Mostrar más »

In The Closet: Michael Jackson's Privacy Anthem | Althox

Por Equipo de Althox lfsg13 -
Imagen
Michael Jackson's "In The Closet," released in 1992 as a single from his groundbreaking 1991 album Dangerous , transcends the typical pop hit. It stands as a profound artistic declaration, a meticulously crafted response to the relentless media scrutiny that shadowed the King of Pop throughout his life. This track masterfully weaves a powerful message about the universal right to privacy into the infectious, innovative sounds of New Jack Swing, challenging public perception and inviting listeners into a guarded world where intimacy and defiance coexist. The song's creation was as intriguing as its content, marked by a famously aborted collaboration with Madonna and culminating in a work that cemented Jackson's evolution into a more mature, complex, and confrontational artist. "In The Closet" remains a crucial piece for understanding Michael Jackson's artistic psyche during a period of immense pressure. It perfectly exemplifies his genius for blend...
Mostrar más »

Human Nature Michael Jackson: Análisis, Letra, Legado | Althox

Por Equipo de Althox lfsg13 -
Imagen
"Human Nature" se erige como una de las baladas más emblemáticas y conmovedoras del repertorio de Michael Jackson, una obra maestra que trasciende el tiempo y las generaciones. Lanzada en 1983 como el quinto sencillo de su álbum revolucionario, "Thriller", esta canción ofreció un contrapunto introspectivo y melódico a los ritmos enérgicos que dominaban el disco. Su capacidad para evocar la curiosidad humana, la vulnerabilidad y la búsqueda de conexión en un mundo complejo la ha cimentado como una pieza fundamental en la historia de la música pop. A través de una producción sublime y una interpretación vocal inigualable, Jackson logró capturar la esencia de la experiencia humana, transformando una melodía inicialmente descartada en un himno universal. Este análisis exhaustivo explorará los orígenes inesperados de "Human Nature", su intrincada construcción lírica y musical, su profundo impacto cultural y el legado perdurable que dejó en la carrera del Rey...
Mostrar más »

Human Nature Michael Jackson: Deep Dive & Legacy | Althox

Por Equipo de Althox lfsg13 -
Imagen
"Human Nature" stands as one of Michael Jackson's most poignant and introspective ballads, offering a stark yet beautiful contrast to the electrifying dance anthems and pop-rock hits that defined his monumental "Thriller" album. Released in 1983 as the fifth single from the album, this track quickly captivated audiences with its ethereal melody, heartfelt lyrics, and Jackson's remarkably tender vocal performance. It was not merely another song on a best-selling album; it represented a deep dive into themes of human connection, urban allure, and emotional vulnerability, showcasing a side of the King of Pop that resonated profoundly with listeners worldwide. Its understated elegance and profound lyrical depth secured its place as a fan favorite and a critical success, demonstrating the sheer breadth of musical artistry present in Jackson's work. The song highlighted his unparalleled ability to convey complex emotions with effortless grace, cementing its...
Mostrar más »

Crédito Naval: Privilegios Marítimos, Guía Legal 2026 | Althox

Por Equipo de Althox lfsg13 -
Imagen
En el vasto y dinámico universo del derecho marítimo , la navegación acuática se erige como una actividad fundamental para el comercio global, pero también como un ámbito que demanda marcos legales robustos y altamente especializados. La complejidad de operar una embarcación, con sus inherentes riesgos y la movilidad de sus activos, ha dado origen a figuras jurídicas esenciales para garantizar la seguridad económica y la fluidez de las transacciones. Uno de los pilares de esta seguridad es el concepto de crédito naval y los privilegios marítimos asociados. Estos mecanismos legales otorgan a ciertos acreedores una preferencia especial sobre los bienes vinculados a la nave, asegurando el pago de deudas en un sector donde la solvencia y la continuidad operativa son críticas. Este análisis profundiza en las disposiciones del Libro Quinto del Código de Comercio Colombiano, específicamente el Título VIII, que abarca los artículos 1555 a 1565, dedicados al Crédito Naval y sus Privilegi...
Mostrar más »

Abreviatura AA o aa (Sigla con diferentes significados)

Por Equipo de Althox lfsg13 -
Imagen
Letra A-a Primera Letra y Vocal del Alfabeto Fuente Wikimedia Commons Imagen de Dominio Público La unión de la letra A con otra letra A puede tener múltiples significados, comúnmente son las siglas de diferentes organizaciones, empresas, significados, denominaciones, etc. ... A continuación algunas de las más conocidas: Abreviatura o Sigla AA en Organizaciones y Empresas A.A: Escuela de Arquitectura de la Architectural Association, la prestigiosa Escuela de Arquitectura con sede en Londres  A.A: Colegio de Arquitectos de Dinamarca (Akademisk Arkitektforening)  A.A: La Academia de Albany, una escuela independiente para chicos en Albany, Nueva York  A.A: Albuquerque Academia, una escuela independiente en Albuquerque , Nuevo México  A.A: Alcoa, una compañía estadounidense productora de aluminio con el símbolo de cotización bursátil de AA  A.A: Alcohólicos Anónimos, una comunidad mundial de personas que se recuperan del alcoholismo  A.A: Alin...
Mostrar más »