Topic: The OpenBSD PF Packet Filter Book: PF for *BSD's

The OpenBSD PF Packet Filter Book: PF for NetBSD, FreeBSD, DragonFly, and OpenBSD

http://www.lulu.com/items/volume_24/396000/396733/3/preview/zoom_396733.jpg

Stateful packet filtering, Network Address Translation (NAT), port forwarding, passive operating system fingerprinting, packet queueing and Quality of Service, load balancing, and redundant firewalls are available with OpenBSD's PF system. PF is known to be a proven, high-performance, and innovative packet filtering system. The PF sub-systems and related interfaces have been ported to the NetBSD, FreeBSD and DragonFly operating systems. This book introduces the common features and capabilities of PF and its related tools with many examples and steps for configuring and using PF on these operating systems. The book includes ample cross-referencing and a detailed index for easy research and reading.

A portion of the profit from the sales of this book will be sent to the OpenBSD project.

-> http://www.reedmedia.net/books/pf-book/

I have just bought one!

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

From the description, it seems as if it isn't going to cover too much that is not in the pf faq on OpenBSD's site.

On the other hand, for $20.00, it's worth checking.

<@andre> i would be so much more efficient if i wasn't so stupid

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

Well, I like to have a written version. I could print it, yeah, but: "A portion of the profit from the sales of this book will be sent to the OpenBSD project."

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

It also has some sections (according to the listing) on working with spamd, graylisting, and the like. Once you get it, be sure to review it for us.

<@andre> i would be so much more efficient if i wasn't so stupid

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

sure will

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

Well, maybe this book could help the people using FreeBSD and NetBSD to try pf instead of ipfw or ipf.

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

I use pf on NetBSD smile

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

dynek wrote:

I use pf on NetBSD smile

me too but someone else maybe not! tongue

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

FWIW, Dru Lavigne commented on the NYCBUG list that she's received the book. She said gurus probably wouldn't find anything new, but the rest of us would have many moments of "AHA!". (Although she put it in lower case. smile)

<@andre> i would be so much more efficient if i wasn't so stupid

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

So! I received the book yesterday. It's about 170 pages of nice content!
What I think:
- It can be used by newcomers
- It can be used to improve your knowledge and learn new things
- It can also be used as a pocket reference

They talk about how to get PF working on each BSD and what the differences are from the original version (OpenBSD's), how to protect your machines (really?), and how to "tweak" things.

What I liked the most: knowing the differences from OpenBSD's, the wide range of subjects, TCP flags, NAT explanation, Packet Queuing and Prioritization, Load Balancing, Authpf and CARP.

They chose not to go too deep into rule examples so you don't get lost. It's easy to understand what they explain. Anybody can read this book.

One last thing: as I said in the beginning, it can be used as a pocket reference. And that's nice!

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

Dru Lavigne's review: http://blogs.ittoolbox.com/unix/bsd/arc … view-11565

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

and dynek is making himself famous there!

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

Playing with OBSD lately, I wound up ordering Michael Lucas' book.  (Should be here in a day or two.)

From the reviews, it has a few chapters on PF, so I'll check those out first.  After that, I'll probably wait for dynek's review. 

(Mr. Lucas' book, however, was written before CARP, IIRC)

<@andre> i would be so much more efficient if i wasn't so stupid

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

I am currently reading the book. First impressions are that the book is very compressed.
It has a freaking load of very interesting information. It also takes care to tell you why something you would do wouldn't work and how you should proceed to get it done.

Also, they have made it easy for people to write rules after reading it, because they point out every common mistake one would make (such as forgetting <> to specify a table's name, or forgetting the 'quick' word if you're expecting the rule to get caught on the first shot).

Will prolly say more later smile

Maple is also more than welcome to second me!

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

My favorite part of the book is that it didn't waste the first 3 chapters explaining what UNIX was, its history, how to use man pages, etc. It just dives into it and expects that if you are working with pf you have some knowledge. I wish more books were like this.

True.. so true...

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: The OpenBSD PF Packet Filter Book: PF for *BSD's

Ok, you guys have convinced me.  Ordering it now.

Thank you for the reviews. 

I suspect Dru might be right, but I am not a guru.

<@andre> i would be so much more efficient if i wasn't so stupid