The Book of PF, 3rd Edition

Book of PF, 3rd Edition

A No-Nonsense Guide to the OpenBSD Firewall
by Peter N. M. Hansteen
October 2014, 248 pp.
ISBN-13: 
9781593275891

"This book left me totally impressed at the breadth of capabilities offered by PF...I can recommend it to anyone with an interest (professional or otherwise) in network management."
—Computing Reviews (Read more)

OpenBSD’s stateful packet filter, PF, is the heart of the OpenBSD firewall. With more and more services placing high demands on bandwidth and an increasingly hostile Internet environment, no sysadmin can afford to be without PF expertise.

The third edition of The Book of PF covers the most up-to-date developments in PF, including new content on IPv6, dual stack configurations, the “queues and priorities” traffic-shaping system, NAT and redirection, wireless networking, spam fighting, failover provisioning, logging, and more.

You’ll also learn how to:

  • Create rule sets for all kinds of network traffic, whether crossing a simple LAN, hiding behind NAT, traversing DMZs, or spanning bridges or wider networks
  • Set up wireless networks with access points, and lock them down using authpf and special access restrictions
  • Maximize flexibility and service availability via CARP, relayd, and redirection
  • Build adaptive firewalls to proactively defend against attackers and spammers
  • Harness OpenBSD’s latest traffic-shaping system to keep your network responsive, and convert your existing ALTQ configurations to the new system
  • Stay in control of your traffic with monitoring and visualization tools (including NetFlow)

The Book of PF is the essential guide to building a secure network with PF. With a little effort and this book, you’ll be well prepared to unlock PF’s full potential.

Author Bio 

Peter N. M. Hansteen is a consultant, writer, and sysadmin based in Bergen, Norway. A longtime Freenix advocate, Hansteen is a frequent lecturer on OpenBSD and FreeBSD topics, an occasional contributor to BSD Magazine, and the author of an often-slashdotted blog (http://bsdly.blogspot.com/). Hansteen was a participant in the original RFC 1149 implementation team. The Book of PF is an expanded follow-up to his very popular online PF tutorial (http://home.nuug.no/~peter/pf/).

Table of contents 

Introduction
Chapter 1:
Building the Network You Need
Chapter 2: PF Configuration Basics
Chapter 3: Into the Real World
Chapter 4: Wireless Networks Made Easy
Chapter 5: Bigger or Trickier Networks
Chapter 6: Turning the Tables for Proactive Defense
Chapter 7: Traffic Shaping with Queues and Priorities
Chapter 8: Redundancy and Resource Availability
Chapter 9: Logging, Monitoring, and Statistics
Chapter 10: Getting Your Setup Just Right

Appendix A: Resources
Appendix B: A Note on Hardware Support

Index

View the detailed Table of Contents (PDF).
View the Index (PDF).

Reviews 

"If you need to do firewalling, routing, network traffic control, NAT, wireless networking with an intuitive configuration syntax at zero software cost, choose PF. And buy this book."
Andy Thomas for Floss UK

"Highly recommended."
Defensive Depth

"If you use PF on any platform, buy this book."
Michael Lucas

"Explains tough networking situations clearly and dives deep into the capabilities of PF."
Jesse Smith for Distrowatch

"A must have for any PF beginner."
aboutbsd.net