Ebook: The book of pf: a no-nonsense guide to the openbsd firewall

OpenBSD's stateful packet filter, PF, is the heart of the OpenBSD firewall. With more and more services placing high demands on bandwidth and an increasingly hostile Internet environment, no sysadmin can afford to be without PF expertise. The third edition of The Book of PF covers the most up-to-date developments in PF, including new content on IPv6, dual stack configurations, the "queues and priorities" traffic-shaping system, NAT and redirection, wireless networking, spam fighting, failover provision ing, logging, and more. You'll also learn how to: -Create rule sets for all kinds of network traffic, whether crossing a simple LAN, hiding behind NAT, traversing DMZs, or spanning bridges or wider networks -Set up wireless networks with access points, and lock them down using authpf and special access restrictions -Maximize flexibility and service availability via CARP, relayd, and redirection -Build adaptive firewalls to proactively defend against attackers and spammers -Harness OpenBSD's latest traffic-shaping system to keep your network responsive, and convert your existing ALTQ configurations to the new system -Stay in control of your traffic with monitoring and visualization tools (including NetFlow) The Book of PF is the essential guide to building a secure network with PF. With a little effort and this book, you'll be well prepared to unlock PF's full potential.;Praise for The Book of PF -- Foreword -- Acknowledgments -- Introduction -- This Is Not a HOWTO -- What This Book Covers -- Chapter 1: Building the Network You Need -- Your Network: High Performance, Low Maintenance, and Secure -- Where the Packet Filter Fits In -- The Rise of PF -- If You Came from Elsewhere -- Pointers for Linux Users -- Frequently Answered Questions About PF -- A Little Encouragement: A PF Haiku -- Chapter 2: PF Configuration Basics -- The First Step: Enabling PF -- Setting Up PF on OpenBSD -- Setting Up PF on FreeBSD -- Setting Up PF on NetBSD -- A Simple PF Rule Set: A Single, Stand-Alone Machine -- A Minimal Rule Set -- Testing the Rule Set -- Slightly Stricter: Using Lists and Macros for Readability -- A Stricter Baseline Rule Set -- Reloading the Rule Set and Looking for Errors -- Checking Your Rules -- Testing the Changed Rule Set -- Displaying Information About Your System -- Looking Ahead -- Chapter 3: Into the Real World -- A Simple Gateway -- Keep It Simple: Avoid the Pitfalls of in, out, and on -- Network Address Translation vs. IPv6 -- Final Preparations: Defining Your Local Network -- Setting Up a Gateway -- Testing Your Rule Set -- That Sad Old FTP Thing -- If We Must: ftp-proxy with Divert or Redirect -- Variations on the ftp-proxy Setup -- Making Your Network Troubleshooting-Friendly -- Do We Let It All Through? -- The Easy Way Out: The Buck Stops Here -- Letting ping Through -- Helping traceroute -- Path MTU Discovery -- Tables Make Your Life Easier -- Chapter 4: Wireless Networks Made Easy -- A Little IEEE 802.11 Background -- MAC Address Filtering -- WEP -- WPA -- The Right Hardware for the Task -- Setting Up a Simple Wireless Network -- An OpenBSD WPA Access Point -- A FreeBSD WPA Access Point -- The Access Point's PF Rule Set -- Access Points with Three or More Interfaces -- Handling IPSec, VPN Solutions.