A solid understanding of OpenBSD's PF subsystem is a necessity for any network administrator working in a BSD environment. PF is the heart of the OpenBSD firewall, but there are few quality books and resources for learning PF, which is often a difficult tool to master. This second edition of The Book of PF is an up-to-date, no-nonsense guide to harnessing the power of PF. Author Peter Hansteen covers NAT (network address translation) and redirection, wireless networking, spam fighting, failover provisioning, logging, and more. New additions include coverage of CARP load balancing and expanded coverage of traffic shaping (including ALTQ queue disciplines such as HFSC) and of logging and monitoring. Written for anyone who has felt lost in PF's manual pages or baffled by its massive feature set, The Book of PF, 2nd Edition will help you confidently build the high-performance, secure, low-maintenance network you need. (This edition also reflects new developments in OpenBSD, PF, FreeBSD 8.0, and NetBSD 5.)
Table of Contents
PRAISE FOR THE FIRST EDITION OF THE BOOK OF PF; Dedication; Foreword; Acknowledgments; Introduction; This Is Not a HOWTO; What This Book Covers
Chapter 1: Building the Network You Need; 1.1 Your Network: High Performance, Low Maintenance, and Secure; 1.2 Where the Packet Filter Fits In; 1.3 The Rise of PF; 1.4 If You Came from Elsewhere; 1.5 A Little Encouragement: A PF Haiku
Chapter 2: PF Configuration Basics; 2.1 The First Step: Enabling PF; 2.2 A Simple PF Rule Set: A Single, Stand-Alone Machine; 2.3 Slightly Stricter: Using Lists and Macros for Readability; 2.4 Displaying Information About Your System; 2.5 Looking Ahead
Chapter 3: Into the Real World; 3.1 A Simple Gateway; 3.2 That Sad Old FTP Thing; 3.3 Making Your Network Troubleshooting Friendly; 3.4 Tables Make Your Life Easier
Chapter 4: Wireless Networks Made Easy; 4.1 A Little IEEE 802.11 Background; 4.2 Setting Up a Simple Wireless Network; 4.3 Guarding Your Wireless Network with authpf
Chapter 5: Bigger or Trickier Networks; 5.1 A Web Server and Mail Server on the Inside - Routable Addresses; 5.2 A Web Server and Mail Server on the Inside - the NAT Version; 5.3 Filtering on Interface Groups; 5.4 The Power of Tags; 5.5 The Bridging Firewall; 5.6 Handling Nonroutable Addresses from Elsewhere
Chapter 6: Turning the Tables for Proactive Defense; 6.1 Turning Away the Brutes; 6.2 Giving Spammers a Hard Time with spamd; 6.3 Spam-Fighting Tips
Chapter 7: Queues, Shaping, and Redundancy; 7.1 Directing Traffic with ALTQ; 7.2 Setting Up Queues; 7.3 Redundancy and Failover: CARP and pfsync
Chapter 8: Logging, Monitoring, and Statistics; 8.1 PF Logs: The Basics; 8.2 Additional Tools for PF Logs and Statistics; 8.3 Log Data as the Basis for Effective Debugging
Chapter 9: Getting Your Setup Just Right; 9.1 Things You Can Tweak and What You Probably Should Leave Alone; 9.2 Cleaning Up Your Traffic; 9.3 Testing Your Setup; 9.4 Debugging Your Rule Set; 9.5 Know Your Network and Stay in Control
Resources; General Networking and BSD Resources on the Internet; Sample Configurations and Related Musings; PF on Other BSD Systems; BSD and Networking Books; Wireless Networking Resources; spamd and Greylisting-Related Resources; Book-Related Web Resources; Buy OpenBSD CDs and Donate!; A Note on Hardware Support; Getting the Right Hardware; Issues Facing Hardware Support Developers; How to Help the Hardware Support Efforts; Colophon; Updates