- Paperback: 248 pages
- Publisher: No Starch Press; 3 edition (October 18, 2014)
- Language: English
- ISBN-10: 1593275897
- ISBN-13: 978-1593275891
- Product Dimensions: 7 x 0.5 x 9.2 inches
- Shipping Weight: 1 pounds
- Average Customer Review: 13 customer reviews
- Amazon Best Sellers Rank: #929,607 in Books
The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall 3rd Edition
There is a newer edition of this item:
About the Author
Peter N. M. Hansteen is a consultant, writer, and sysadmin based in Bergen, Norway. A longtime Freenix advocate, Hansteen is a frequent lecturer on OpenBSD and FreeBSD topics, an occasional contributor to BSD Magazine, and the author of an often-slashdotted blog (http://bsdly.blogspot.com/). Hansteen was a participant in the original RFC 1149 implementation team. The Book of PF is an expanded follow-up to his very popular online PF tutorial (http://home.nuug.no/~peter/pf/).
Top customer reviews
The only part of the book that I thought could have been done better was chapter 5 (DMZs). The author jumped between a DMZ on the same RFC 1918 subnet (via NAT/port forwarding) and a DMZ on a separate RFC 1918 subnet (still port-forwarded). Perhaps forking the running rule set in that chapter to illustrate both approaches would have been clearer and easier to follow than cutting the rule set over in a back and forth fashion as the DMZ approach changed in the discussion. I also would have liked to have seen a more developed example rule set of a DMZ that uses public IPs and a LAN that uses NAT/RFC 1918 addresses complete with rules for accessing the DMZ public IP servers from the LAN network. Some flipping between the examples in chapter 5 and the PF man page got me where I wanted to be though.
It's a great book overall that vastly improved my knowledge of PF. I'm so happy to now have a solid and secure OpenBSD network appliance that I can understand in detail how it works.
If you want to give OpenBSD's PF a try for your home lab or work network, I would definitely recommend this book to you.
For the past few years, I have been managing a good-size network protected by a couple CARP-ed OpenBSD servers and this book (and its 2nd edition) have helped me a great deal. Peter Hansteen knows what he is talking about. I recommend watching this interview with him on BSD Now:
Also, I highly recommend getting Michael W Lucas's book "Absolute OpenBSD" http://www.amazon.com/Absolute-OpenBSD-Unix-Practical-Paranoid/dp/1593274769/ref=sr_1_1?s=books&ie=UTF8&qid=1424148306&sr=1-1&keywords=absolute+openbsd
Peter Hansteen and Michael W Lucas are two fine sysadmins who also happen to be great writers.
just name a network service. All of this in OpenBSD is connected to the well designed and well documented PF (Packet Filter).
This book is a good companion to the man pages, highly recommended to all system managers who build network services using OpenBSD.
But here, the book is needed. Clear, with good explanations of why, so that you can use the ideas not just the examples