Book of PF, 3rd Edition

A No-Nonsense Guide to the OpenBSD Firewall
by Peter N. M. Hansteen

October 2014, 216 pp.
ISBN: 978-1-59327-589-1
Contents | Reviews | Updates

Order now and get early access to the PDF ebook!
(What's that?)
(Which chapters are available now?)

Get 30% off with the coupon code EARLYBIRD

OpenBSD's stateful packet filter, PF, is the heart of the OpenBSD firewall and a necessity for any admin working in a BSD environment. The Book of PF is the essential guide to building a secure network with PF.

This third edition of The Book of PF covers the most up-to-date developments in PF, including new content on IPv6, as well as details you won't find anywhere else on the new traffic shaping system introduced in OpenBSD 5.5. Based on Peter N.M. Hansteen's popular PF website and conference tutorials, this no-nonsense guide covers NAT and redirection, wireless networking, spam fighting, failover provisioning, logging, and more. Throughout the book, Hansteen emphasizes the importance of staying in control with a written network specification, keeping rule sets readable using macros, and performing rigid testing when loading new rules.

The Book of PF is for BSD enthusiasts and network administrators at any skill level. With more and more services placing high demands on bandwidth, and an increasingly hostile Internet environment, you can't afford to be without PF expertise.

About the Author

Peter N. M. Hansteen is a consultant, sysadmin, and writer based in Bergen, Norway. A longtime Freenix advocate, Hansteen is a frequent lecturer on OpenBSD and FreeBSD topics, an occasional contributor to BSD Magazine and writes a frequently slashdotted blog at Hansteen was a participant in the original RFC 1149 implementation team. The Book of PF is an expanded follow up to his very popular online PF tutorial (

Table of Contents

Chapter 1: Building the Network You Need (AVAILABLE NOW)
Chapter 2: PF Configuration Basics (AVAILABLE NOW)
Chapter 3: Into the Real World (AVAILABLE NOW)
Chapter 4: Wireless Networks Made Easy (AVAILABLE NOW)
Chapter 5:
Bigger or Trickier Networks
Chapter 6: Turning the Tables for Proactive Defense
Chapter 7: Traffic Shaping with Queues and Priorities
Chapter 8: Redundancy and Resource Availability
Chapter 9: Logging, Monitoring, and Statistics
Chapter 10: Getting Your Setup Just Right

Appendix A: Resources
Appendix B: A Note on Hardware Support