- Paperback: 248 pages
- Publisher: No Starch Press; 3 edition (October 18, 2014)
- Language: English
- ISBN-10: 9781593275891
- ISBN-13: 978-1593275891
- ASIN: 1593275897
- Product Dimensions: 7 x 0.5 x 9.2 inches
- Shipping Weight: 1 pounds
- Average Customer Review: 14 customer reviews
- Amazon Best Sellers Rank: #599,343 in Books
The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall 3rd Edition
About the Author
Peter N. M. Hansteen is a consultant, writer, and sysadmin based in Bergen, Norway. A longtime Freenix advocate, Hansteen is a frequent lecturer on OpenBSD and FreeBSD topics, an occasional contributor to BSD Magazine, and the author of an often-slashdotted blog (http://bsdly.blogspot.com/). Hansteen was a participant in the original RFC 1149 implementation team. The Book of PF is an expanded follow-up to his very popular online PF tutorial (http://home.nuug.no/~peter/pf/).
The only part of the book that I thought could have been done better was chapter 5 (DMZs). The author jumped between a DMZ on the same RFC 1918 subnet (via NAT/port forwarding) and a DMZ on a separate RFC 1918 subnet (still port-forwarded). Perhaps forking the running rule set in that chapter to illustrate both approaches would have been clearer and easier to follow than cutting the rule set over in a back and forth fashion as the DMZ approach changed in the discussion. I also would have liked to have seen a more developed example rule set of a DMZ that uses public IPs and a LAN that uses NAT/RFC 1918 addresses complete with rules for accessing the DMZ public IP servers from the LAN network. Some flipping between the examples in chapter 5 and the PF man page got me where I wanted to be though.
It's a great book overall that vastly improved my knowledge of PF. I'm so happy to now have a solid and secure OpenBSD network appliance that I can understand in detail how it works.
He also tried to make the book concise/short by explaining things straight to the point and this is another reason why it is hard to understand in some cases. He is a genius and knows his stuff very well but he needs to take some pointers from Michael W Lucas' work. Mr Hansteen reminds me of Charles Petzold's technical knowledge but 1,000% drier and more difficult to follow.
Example #1: pg. 60 "The other relevant bits of /etc/pf.conf follow ....." then he starts breaking down the pf.conf file but this file is nowhere to be found. Actually it is in there, but on pg 63. This is small and doesn't take a genius to figure out but quite honestly it also doesn't take a genius to fix it. i.e. tell the reader where the file is, or even better, present the file to the reader first and then start breaking it down.
Example #2: The author explains that setting up network interfaces is of little interest to us and extremely easy to do, and that's why he doesn't care to show how to do it. Same goes for setting up a DHCP server. I'm sorry Mr Hansteen, but I couldn't disagree more. Yes, setting up interfaces and a DHCP server are easy things to do but I had to buy the "Absolute OpenBSD" book from Michael W. Lucas to figure out how to do them. This could've taken you 3 pages to explain in full depth. Also, how can the network interfaces not be "too interesting" in our context, pf is a network packet filter, and there is no network without network interfaces.
Finally, for those of you thinking about buying this book or work with PF at all, especially professionally:
BUY THIS BOOK. THERE IS NO BETTER RESOURCE OUT THERE FOR PF!!!
Simply be aware that you also need Michael W Lucas's Absolute OpenBSD book. Also, don't forget your man pages and OpenBSD's FAQ section. That FAQ section is truly amazing!
This book is great in so many ways. The content is phenomenal. The author starts with a bare bone configuration and builds on that from chapter to chapter. There are great examples about pretty much any setups that can be used in the real world. Really, ANY!
Update #1: November 13th 2018
I have to downgrade this book. The author of this book is simply not a good teacher. Full of knowledge yes, but can't explain it well. SO MANY ASSUMPTIONS. HE DOESN'T STOP TO EXPLAIN ANYTHING! I've never seen a technical book so badly written. The sad part is, the content is great: after you spend a couple of days between the man pages, additional articles and tutorials on the web, and re-reading the book pages over and over. This book has made my experience with PF terrible! I'm sorry Mr Hansteen, but you need to re-write this book. Partner up please. This book should've been many more pages long.
If you want to give OpenBSD's PF a try for your home lab or work network, I would definitely recommend this book to you.
For the past few years, I have been managing a good-size network protected by a couple CARP-ed OpenBSD servers and this book (and its 2nd edition) have helped me a great deal. Peter Hansteen knows what he is talking about. I recommend watching this interview with him on BSD Now:
Also, I highly recommend getting Michael W Lucas's book "Absolute OpenBSD" http://www.amazon.com/Absolute-OpenBSD-Unix-Practical-Paranoid/dp/1593274769/ref=sr_1_1?s=books&ie=UTF8&qid=1424148306&sr=1-1&keywords=absolute+openbsd
Peter Hansteen and Michael W Lucas are two fine sysadmins who also happen to be great writers.
But here, the book is needed. Clear, with good explanations of why, so that you can use the ideas not just the examples
just name a network service. All of this in OpenBSD is connected to the well designed and well
documented PF (Packet Filter).
This book is a good companion to the man pages, highly recommended to all system managers
who build network services using OpenBSD.