Start reading The Book of PF on the free Kindle Reading App or on your Kindle in under a minute. Don't have a Kindle? Get your Kindle here.
This title is not currently available for purchase
Sorry, this item is not available in
Image not available for
Image not available

The Book of PF [Kindle Edition]

Peter N.M. Hansteen
4.2 out of 5 stars  See all reviews (15 customer reviews)

Pricing information not available.

Free Kindle Reading App Anybody can read Kindle books—even without a Kindle device—with the FREE Kindle app for smartphones, tablets and computers.

To get the free app, enter your email address or mobile phone number.


Amazon Price New from Used from
Kindle Edition --  
Paperback --  

Book Description

OpenBSD's stateful packet filter, PF, offers an amazing feature set and support across the major BSD platforms. Like most firewall software though, unlocking PF's full potential takes a good teacher.Peter N.M. Hansteen's PF website and conference tutorials have helped thousands of users build the networks they need using PF. The Book of PF is the product of Hansteen's knowledge and experience, teaching good practices as well as bare facts and software options. Throughout the book, Hansteen emphasizes the importance of staying in control by having a written network specification, using macros to make rule sets more readable, and performing rigid testing when loading in new rules.Today's system administrators face increasing challenges in the quest for network quality, and The Book of PF can help by demystifying the tools of modern *BSD network defense. But, perhaps more importantly, because we know you like to tinker, The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:Create rule sets for all kinds of network traffic, whether it is crossing a simple home LAN, hiding behind NAT, traversing DMZs, or spanning bridgesUse PF to create a wireless access point, and lock it down tight with authpf and special access restrictionsMaximize availability by using redirection rules for load balancing and CARP for failoverUse tables for proactive defense against would-be attackers and spammersSet up queues and traffic shaping with ALTQ, so your network stays responsiveMaster your logs with monitoring and visualization, because you can never be too paranoidThe Book of PF is written for BSD enthusiasts and network admins at any level of expertise. With more and more services placing high demands on bandwidth and increasing hostility coming from the Internet at-large, you can never be too skilled with PF.

Editorial Reviews

About the Author

Peter N. M. Hansteen is a consultant, writer and sysadmin based in Bergen, Norway. A longtime Freenix advocate, Hansteen is a frequent lecturer on FreeBSD and OpenBSD topics. His expertise as a documentation consultant (and humorous work with the RFC 1149 implementation team) have helped him gain regard in Norwegian IT publications. The Book of PF, Hansteen's first book, is an expanded follow-up to his very popular online PF tutorial.

Product Details

  • File Size: 2544 KB
  • Print Length: 184 pages
  • Publisher: No Starch Press; 1 edition (August 20, 2009)
  • Language: English
  • ASIN: B002N3M6TK
  • Text-to-Speech: Enabled
  • X-Ray:
  • Word Wise: Not Enabled
  • Lending: Not Enabled
  • Amazon Best Sellers Rank: #1,196,864 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
  •  Would you like to give feedback on images?

Customer Reviews

Most Helpful Customer Reviews
15 of 17 people found the following review helpful
5.0 out of 5 stars Great book of PF without endless details January 24, 2008
Biased review ahead
This review is going to be biased. First of all I love OpenBSD, I love PF and I have meet Peter who is a nice guy to talk to.

But we are getting ahead here. This book is obviously about PF, what is that? PF is the Packet Filter developed for OpenBSD and then ported to several other BSD systems. PF is a modern firewall system which performs great, like many others, but which has a built-in language which makes it very easy to understand the ruleset and create a better firewall.

To be fair the filtering language of PF was in the first versions very similar to the IP Filter by Darren Reed. Credit goes to him for making IP Filter in the first place, I learnt a lot about firewalls from using it. As explained in the book PF was actually the child of need when IP Filter was removed from OpenBSD.

So PF was invented and at some time Peter Hansteen wrote his famous web page "Firewalling with OpenBSD's PF packet filter". From this source he has then managed with help from No Starch Press to produce an important book about the best firewall for Open Source systems.

Compared to web page version
With this source the first question from a potential reader might be, how does it compare to the web page. Why should I buy this when I can download and print.

The content of the book is arranged similarly to the web page, but better. The layout is better since the people at No Starch knows how to layout pages and the typography which makes reading a pleasure. Peter has also written new paragraphs and introductory sections which are much better and makes the overall reading from cover to cover better.

So to answer the question: the book is way better than the web page and easier to read.
Read more ›
Comment | 
Was this review helpful to you?
15 of 18 people found the following review helpful
I was excited to see a new book on Pf on the market. Three years ago I read and reviewed Building Firewalls with OpenBSD and PF (BFWOAP) by Jacek Artymiak and gave it five stars. I hoped The Book of Pf (TBOP) would acknowledge the best ideas in BFWOAP and expand into Pf developments of the last three years. TBOP is strong when it addresses how to install or use Pf on operating systems other than OpenBSD. Elsewhere, the book is too weak to merit more than three stars.

Let me start with the positive aspects of TBOP. First, it appears to be technically correct. I am not a Pf expert, but the recommendations made sense. The technical editor is an OpenBSD expert and Pf developer, so I am confident the text is accurate! Second, the author did an excellent job explaining how to install and use Pf on OpenBSD, FreeBSD, and NetBSD. I use FreeBSD extensively on servers, and I did not feel left out at all. The author was quick to point out quirks affecting Pf on non-OpenBSD platforms. Third, I liked the chapter on Pf monitoring (Ch 8) but thought it was way too brief.

Turning to the negative side, the first problem involves introducing technical concepts. One of the major rules governing book-writing is to properly explain technical items before including them. For example, p 39 includes the term "static-port" in a configuration. This is not explained anywhere. On p 43 we see "OS = OpenBSD", again with no explanation. On p 65 "set skip" is used, but at least there is some mention of it again on p 123. If you tell me to read the man pages to figure out what these terms mean, why should anyone read this book? The author should examine how Michael Lucas or Mike Rash describe technical details.
Read more ›
Was this review helpful to you?
3 of 3 people found the following review helpful
5.0 out of 5 stars A very accessible book on OpenBSD's PF firewall October 6, 2008
If you're looking for information about the OpenBSD packet filter program "pf", you may have noticed a gaping hole on bookstore shelves. Two books that I have read on pf are "Building Firewalls with OpenBSD and PF, 2nd Edition" by Jacek Artymiak and the No Starch Press title, "The Book of PF", by Peter N.M. Hansteen.

"The Book of PF" is by far the easier of the two books to digest and will help you get up to speed very quickly. It's a short book, weighing in at 145 pages. The example rule sets are simple to follow and very thoroughly documented.

Hansteen helps you navigate through pf's basic configuration and then takes you through more advanced topics like wireless networks and how to deal with 'bigger or trickier networks'. There is also a treatment of OpenBSD's spamd program, designed to help you combat spam on your network.

You'll find a chapter on Alternate Queuing (ALTQ) and Common Address Redundancy Protocol (CARP). ALTQ provides a way to shape the traffic on your network and was integrated into pf for the OpenBSD 3.3 release. CARP was added to OpenBSD in release 3.5 to address the issue of high availability and uninterrupted service.

A chapter covering Logging, Monitoring, and Statistics helps bring it all together for the network administrator. Hansteen closes out the text with a chapter titled "Getting Your Setup Just Right" that provides a last-minute review of some of the most important configuration options.

If you're interested in "The Book of PF", most likely you're already familiar with OpenBSD - one of the most secure operating systems available today. If you're ready to enhance OpenBSD's default security, pick up a copy of this book and spend some time with the pf program.
Comment | 
Was this review helpful to you?
Most Recent Customer Reviews
5.0 out of 5 stars PF, and Also Many Related Topics
I'm a programmer, not a network admin. I found this book useful for getting started with PF and network security in general. Read more
Published 4 months ago by Brandon
5.0 out of 5 stars Perfect guide
Like all 'No Starch' books, this one delivers. Well organized and to the point. If you have computer security concerns, using a BSD OS and setting up PF is the way to go
Published 7 months ago by david froh
2.0 out of 5 stars Not good, you get more from the man page
I was surprised that this book didn't cover the basics of pf. The reserved words, configuration syntax, statement order are not covered. Read more
Published 19 months ago by Amazon Customer
5.0 out of 5 stars Good review for PF
This book doesn't really concern itself with the installation of OpenBSD or various other configuration aspects, just PF. It's straight and to the point. Read more
Published 20 months ago by Amazon Customer
5.0 out of 5 stars Great Overview
There are plenty of resources on the web that you can piece together to get PF functional. What I found difficult was to get a broader overview of PF with the implementation... Read more
Published on June 27, 2012 by C. Ashley White
5.0 out of 5 stars An invaluable tool, and highly recommended
Just because you're not using Windows doesn't decrease the high value of security. "The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall" seeks to educate readers and users... Read more
Published on January 18, 2011 by Midwest Book Review
4.0 out of 5 stars Great Book for Middle of the Road N00bs
I like brevity so I am going to stick with it on my review. This book was easy to read and follow as the author progressed. Read more
Published on March 15, 2010 by D. S. Alanis
2.0 out of 5 stars Weak. Really weak.
This book, unfirtunately, is not much more than a mix of manuals and well-known HowTo's spread over Internet. I could as well print them to have them at hand. Read more
Published on November 14, 2009 by Alexander Povolotsky
4.0 out of 5 stars Well written, but light in much of its coverage
Hansteen has put together a mostly well written, OS-independent guide to PF. He states he "made a conscious decision early on to introduce you to its methods via interesting and... Read more
Published on January 2, 2009 by Christopher M. Buechler
5.0 out of 5 stars The Defacto Book on OpenBSD firewalls
This book is great for all types of OpenBSD users. If you just want a to build a home router with better performance and more control, then this book is all you'll need. Read more
Published on August 17, 2008 by Michael R. Schenck
Search Customer Reviews
Search these reviews only


There are no discussions about this product yet.
Be the first to discuss this product with the community.
Start a new discussion
First post:
Prompts for sign-in

Look for Similar Items by Category