Book of PF

A No-Nonsense Guide to the OpenBSD Firewall
by Peter N.M. Hansteen

December 2007, 184 pp.
ISBN: 978-1-59327-165-7

This book is currently out of stock, but the ebook is still available

There's a newer edition of this book available!

Click here to download Chapter 4: Wireless Networks Made Easy

OpenBSD's stateful packet filter, PF, offers an amazing feature set and support across the major BSD platforms. Like most firewall software though, unlocking PF's full potential takes a good teacher. Peter N.M. Hansteen's PF website and conference tutorials have helped thousands of users build the networks they need using PF. The Book of PF is the product of Hansteen's knowledge and experience, teaching good practices as well as bare facts and software options. Throughout the book, Hansteen emphasizes the importance of staying in control by having a written network specification, using macros to make rule sets more readable, and performing rigid testing when loading in new rules.

Today's system administrators face increasing challenges in the quest for network quality, and The Book of PF can help by demystifying the tools of modern *BSD network defense. But, perhaps more importantly, because we know you like to tinker, The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:

  • Create rule sets for all kinds of network traffic, whether it is crossing a simple home LAN, hiding behind NAT, traversing DMZs, or spanning bridges
  • Use PF to create a wireless access point, and lock it down tight with authpf and special access restrictions
  • Maximize availability by using redirection rules for load balancing and CARP for failover
  • Use tables for proactive defense against would-be attackers and spammers
  • Set up queues and traffic shaping with ALTQ, so your network stays responsive
  • Master your logs with monitoring and visualization, because you can never be too paranoid

The Book of PF is written for BSD enthusiasts and network admins at any level of expertise. With more and more services placing high demands on bandwidth and increasing hostility coming from the Internet at-large, you can never be too skilled with PF.


About the Author

Peter N.M. Hansteen is a consultant, writer, and sysadmin based in Bergen, Norway. A longtime Freenix advocate, Hansteen is a frequent lecturer on FreeBSD and OpenBSD topics. The Book of PF, Hansteen's first book, is an expanded follow-up to his very popular online PF tutorial.


Table of Contents

Foreword by Bob Beck
Preface
Chapter 1: What PF Is
Chapter 2: Let's Get On With It
Chapter 3: Into the Real World
Chapter 4: Wireless Networks Made Easy
Chapter 5: Bigger or Trickier Networks
Chapter 6: Turning the Tables for Proactive Defense
Chapter 7: Queues, Shaping, and Redundancy
Chapter 8: Logging, Monitoring, and Statistics
Chapter 9: Getting Your Setup Just Right
Appendix A: Resources
Appendix B: A Note on Hardware Support
Index

To view the detailed Table of Contents (PDF) click here.

To view the Index (PDF) click here.

(top)

Reviews

"This book is for everyone who uses PF. Regardless of operating system and skill level, this book will teach you something new and interesting."
—BSD Magazine (Read More)

"With Mr. Hansteen paying close attention to important topics like state inspection, SPAM, black/grey listing, and many others, this must have reference for BSD users can go a long way to helping you fine tune the who/what/where/when/how of access control on your BSD box."
—InfoWorld (Read More)

"A must-have resource for anyone who deals with firewall configurations. If you've heard good things about PF and have been thinking of giving it a go, this book is definitely for you. Start at the beginning and before you know it you'll be through the book and quite the PF guru. Even if you're already a PF guru, this is still a good book to keep on the shelf to refer to in thorny situations or to lend to colleagues."
—Dru Lavigne, tech writer (Read More)

"The book is a great resource and has me eager to rewrite my aging rulesets."
—;login: (Read More)

"This book is a super-easy read. I loved it! This book easily makes my Top 5 Book list"
—Daemon News (Read More)

(top)

Updates

(show updates)(top)