Book of PF, 2nd Edition

A No-Nonsense Guide to the OpenBSD Firewall
by Peter N.M. Hansteen

November 2010, 216 pp.
ISBN: 978-1-59327-274-6

OpenBSD's stateful packet filter, PF, is the heart of the OpenBSD firewall and a necessity for any admin working in a BSD environment. With a little effort and this book, you'll gain the insight needed to unlock PF’s full potential.

This second edition of The Book of PF has been completely updated and revised. Based on Peter N.M. Hansteen's popular PF website and conference tutorials, this no-nonsense guide covers NAT and redirection, wireless networking, spam fighting, failover provisioning, logging, and more. Throughout the book, Hansteen emphasizes the importance of staying in control with a written network specification, keeping rule sets readable using macros, and performing rigid testing when loading new rules.

The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:

  • Create rule sets for all kinds of network traffic, whether it’s crossing a simple LAN, hiding behind NAT, traversing DMZs, or spanning bridges or wider networks
  • Create wireless networks with access points, and lock them down with authpf and special access restrictions
  • Maximize flexibility and service availability via CARP, relayd, and redirection
  • Create adaptive firewalls to proactively defend against would-be attackers and spammers
  • Implement traffic shaping and queues with ALTQ (priq, cbq, or hfsc) to keep your network responsive
  • Master your logs with monitoring and visualization tools (including NetFlow)

The Book of PF is for BSD enthusiasts and network administrators at any skill level. With more and more services placing high demands on bandwidth and an increasingly hostile Internet environment, you can't afford to be without PF expertise.

About the Author

Peter N.M. Hansteen is a consultant, writer, and sysadmin based in Bergen, Norway. A longtime Freenix advocate, Hansteen is a frequent lecturer on OpenBSD and FreeBSD topics, an occasional contributor to BSD Magazine, and one of the original members of the RFC 1149 implementation team. He writes a frequently slashdotted blog and is the author of the highly regarded PF tutorial.

Table of Contents

Foreword by Bob Beck

Chapter 1: Building the Network You Need
Chapter 2: PF Configuration Basics
Chapter 3: Into the Real World
Chapter 4: Wireless Networks Made Easy
Chapter 5: Bigger or Trickier Networks
Chapter 6: Turning the Tables for Proactive Defense
Chapter 7: Queues, Shaping, and Redundancy
Chapter 8: Logging, Monitoring, and Statistics
Chapter 9: Getting Your Setup Just Right

Appendix A: Resources
Appendix B: A Note on Hardware Support




The Book of PF, 2nd Edition "is a must-have text for anyone deploying and maintaining PF firewalls—even if only on your personal computer."
—TechRepublic