What do you think?
Rate this book
The Book of PF, 2nd Edition: A No-Nonsense Guide to the OpenBSD Firewall
OpenBSD's stateful packet filter, PF, is the heart of the OpenBSD firewall and a necessity for any admin working in a BSD environment. With a little effort and this book, you'll gain the insight needed to unlock PF's full potential.
This second edition of The Book of PF has been completely updated and revised. Based on Peter N.M. Hansteen's popular PF website and conference tutorials, this no-nonsense guide covers NAT and redirection, wireless networking, spam fighting, failover provisioning, logging, and more. Throughout the book, Hansteen emphasizes the importance of staying in control with a written network specification, keeping rule sets readable using macros, and performing rigid testing when loading new rules.
The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:
Create rule sets for all kinds of network traffic, whether it's crossing a simple LAN, hiding behind NAT, traversing DMZs, or spanning bridges or wider networks Create wireless networks with access points, and lock them down with authpf and special access restrictions Maximize flexibility and service availability via CARP, relayd, and redirection Create adaptive firewalls to proactively defend against would-be attackers and spammers Implement traffic shaping and queues with ALTQ (priq, cbq, or hfsc) to keep your network responsive Master your logs with monitoring and visualization tools (including NetFlow)
The Book of PF is for BSD enthusiasts and network administrators at any skill level. With more and more services placing high demands on bandwidth and an increasingly hostile Internet environment, you can't afford to be without PF expertise.
This second edition of The Book of PF has been completely updated and revised. Based on Peter N.M. Hansteen's popular PF website and conference tutorials, this no-nonsense guide covers NAT and redirection, wireless networking, spam fighting, failover provisioning, logging, and more. Throughout the book, Hansteen emphasizes the importance of staying in control with a written network specification, keeping rule sets readable using macros, and performing rigid testing when loading new rules.
The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:
Create rule sets for all kinds of network traffic, whether it's crossing a simple LAN, hiding behind NAT, traversing DMZs, or spanning bridges or wider networks Create wireless networks with access points, and lock them down with authpf and special access restrictions Maximize flexibility and service availability via CARP, relayd, and redirection Create adaptive firewalls to proactively defend against would-be attackers and spammers Implement traffic shaping and queues with ALTQ (priq, cbq, or hfsc) to keep your network responsive Master your logs with monitoring and visualization tools (including NetFlow)
The Book of PF is for BSD enthusiasts and network administrators at any skill level. With more and more services placing high demands on bandwidth and an increasingly hostile Internet environment, you can't afford to be without PF expertise.
216 pages, Paperback
First published January 11, 2007
30 people are currently reading
149 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 6 of 6 reviews
February 23, 2008
This was a good book to read as I design my first multi-site, multi-hundred host network. I'll refer back to it often as I fine tune my pf.conf.
The author touches on many things a network admin can do with *bsd+pf, some of which I was familiar with, and a plenty of new features that'll be fun to incorporate in my network over the years. While this book feels like a big step beyond the PF FAQ, you'll still need to delve into the man pages frequently to do anything that isn't trivial (and then you'll have to google for examples to explain the terse man pages).
He insists that this book isn't a glorified PF HOWTO, but too often I was made to accept unsubstantiated motherly best practices instead of well-reasoned theory. Which is too bad, because as a glorified HOWTO, he glazes over too many essential fine points. I'm happier if I think of it more as a primer/survey of the topic.
The author touches on many things a network admin can do with *bsd+pf, some of which I was familiar with, and a plenty of new features that'll be fun to incorporate in my network over the years. While this book feels like a big step beyond the PF FAQ, you'll still need to delve into the man pages frequently to do anything that isn't trivial (and then you'll have to google for examples to explain the terse man pages).
He insists that this book isn't a glorified PF HOWTO, but too often I was made to accept unsubstantiated motherly best practices instead of well-reasoned theory. Which is too bad, because as a glorified HOWTO, he glazes over too many essential fine points. I'm happier if I think of it more as a primer/survey of the topic.
January 29, 2018
Good resource for large scale enterprise deployments of pfSense. Complete overkill and challenging for a home or SOHO deployment. I wound up using pfSense Community Edition with a GUI configuration interface, even though I prefer the command line for almost everything else. By utilizing the GUI, I could get better explanations of setup configurations. There was no mention in this book about pfBlockerNG plugin configuration, one of the most handy add-ons I found for pfSense.
What I'd love to find is a straightforward book for setting up pfSense in a home or home office with secure options and managing parental controls of kid's devices. Something that doesn't assume that everyone is a IT Network Guru. This book is well suited for these Gurus, but not for my needs.
What I'd love to find is a straightforward book for setting up pfSense in a home or home office with secure options and managing parental controls of kid's devices. Something that doesn't assume that everyone is a IT Network Guru. This book is well suited for these Gurus, but not for my needs.
May 18, 2020
Peter N.M. Hansteen is the authority on pf. Read the latest edition of this book, maybe read some of his articles, and set up your network!
To the newcomers, don't confuse this with pf from the FreeBSD world. This is specifically for OpenBSD.
To the newcomers, don't confuse this with pf from the FreeBSD world. This is specifically for OpenBSD.
April 18, 2020
A No-Nonsense guide to the OpenBSD firewall, is my new geeky book. It took 2 months to arrive, but it is finally here! Yuppie! :)
July 15, 2020
Clear and full of useful examples. A must for any network admin. I thought it might only be a book about PF tool, but it is also a book about understanding networks.
June 1, 2022
Fantastic book. All you need to master PF.
Displaying 1 - 6 of 6 reviews