|
The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall | 
 enlarge | Author: Peter Hansteen
Publisher: No Starch Press
Category: Book
List Price: $29.95
Buy New: $19.20
You Save: $10.75 (36%)
New (24) Used (6) from $19.20
Avg. Customer Rating:  6 reviews
Sales Rank: 62152
Format: Illustrated
Media: Paperback
Number Of Items: 1
Pages: 184
Shipping Weight (lbs): 0.8
Dimensions (in): 9.1 x 7 x 0.7
ISBN: 1593271654
Dewey Decimal Number: 005.8
EAN: 9781593271657
ASIN: 1593271654
Publication Date: January 11, 2008
Availability: Usually ships in 1-2 business days
Condition: All orders ship same business day via standard shipping (USPS Media Mail) if received by 1 PM CST.
|
| Editorial Reviews:
Product Description
OpenBSD's stateful packet filter, PF, offers an amazing feature set and support across the major BSD platforms. Like most firewall software though, unlocking PF's full potential takes a good teacher. Peter N.M. Hansteen's PF website and conference tutorials have helped thousands of users build the networks they need using PF. The Book of PF is the product of Hansteen's knowledge and experience, teaching good practices as well as bare facts and software options. Throughout the book, Hansteen emphasizes the importance of staying in control by having a written network specification, using macros to make rule sets more readable, and performing rigid testing when loading in new rules. Today's system administrators face increasing challenges in the quest for network quality, and The Book of PF can help by demystifying the tools of modern *BSD network defense. But, perhaps more importantly, because we know you like to tinker, The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to: - Create rule sets for all kinds of network traffic, whether it is crossing a simple home LAN, hiding behind NAT, traversing DMZs, or spanning bridges
- Use PF to create a wireless access point, and lock it down tight with authpf and special access restrictions
- Maximize availability by using redirection rules for load balancing and CARP for failover
- Use tables for proactive defense against would-be attackers and spammers
- Set up queues and traffic shaping with ALTQ, so your network stays responsive
- Master your logs with monitoring and visualization, because you can never be too paranoid
The Book of PF is written for BSD enthusiasts and network admins at any level of expertise. With more and more services placing high demands on bandwidth and increasing hostility coming from the Internet at-large, you can never be too skilled with PF.
|
| Customer Reviews: Read 1 more reviews...
 The Defacto Book on OpenBSD firewalls August 18, 2008
1 out of 1 found this review helpful
This book is great for all types of OpenBSD users. If you just want a to build a home router with better performance and more control, then this book is all you'll need. If you're looking to build an enterprise load balancer, this book is an excellent resource that you'd be hard pressed to live with out.
 Great Beginner Tutorial March 4, 2008
1 out of 1 found this review helpful
Mr. Hansteen, Did a rather good job of putting this book together. The chapters flowed well and one led into the next in a very logical manner. I especially found useful the sections on Round-robin and setting up wireless (Chapter 4 and 7).
Although I make a business of building firewalls I will be keeping this book close at hand. Sadly I only gave 3 stars as I felt the editing could have been better I found several errors with the sample scripts and rules and found it lacking with one or two advanced areas for the professionals would have made this a 5 star easy.
Intersting Intro to PF February 3, 2008
1 out of 2 found this review helpful
My background has and is mainly in Linux. I ordered this book because I had an interest in PF, and I was unable to test most of the examples of this book, due to the lack of an available machine that I could readily install openbsd on.
After reading this book, I would readily give up iptables for PF. I can't count the number of times I've come into a new job where I had to spend several hours deciphering the iptables rules loaded on a particular firewall to ensure I understand what all the rules are intended to do. I do love iptables and the power it provides but I don't believe anyone can claim it's user friendly or even remotely user friendly.
PF is OpenBSD Packet Filter. It differs from essentially every firewall product on the market in that a normal human being with a very rudimentary understanding of networking can come in, and look at the configuration files and be able to understand what is going on.
This particular book is by no means that comprehensive, nor is it a HOWTO, as the author states in the introduction. It does give a very brief introduction into some of the capabilities of PF, which includes: Setting up a firewall, Natting, Wireless networks, Queuing, Logging and Analyzing data traffic as well as a brief few pages on preventing brute force attacks and spam bot attacks.
For a curious audience that would like to learn more about the PF, it is an ideal book. If you expect to learn about the minute details and intricacies of PF, this isn't the book you want to get.
I enjoyed reading this book, and once again have an itch to learn more about OpenBSD, if I can tear myself away from gentoo long enough to see if I can get used to the various differences and intricacies that always tend to drive me up the wall whenever changing distributions and or operating systems. (To avoid flame wars, I am by no means claiming that OpenBSD or any BSD derivative is a linux distro).
Great book of PF without endless details January 24, 2008
8 out of 8 found this review helpful
Biased review ahead
This review is going to be biased. First of all I love OpenBSD, I love PF and I have meet Peter who is a nice guy to talk to.
But we are getting ahead here. This book is obviously about PF, what is that? PF is the Packet Filter developed for OpenBSD and then ported to several other BSD systems. PF is a modern firewall system which performs great, like many others, but which has a built-in language which makes it very easy to understand the ruleset and create a better firewall.
Note:
To be fair the filtering language of PF was in the first versions very similar to the IP Filter by Darren Reed. Credit goes to him for making IP Filter in the first place, I learnt a lot about firewalls from using it. As explained in the book PF was actually the child of need when IP Filter was removed from OpenBSD.
So PF was invented and at some time Peter Hansteen wrote his famous web page "Firewalling with OpenBSD's PF packet filter". From this source he has then managed with help from No Starch Press to produce an important book about the best firewall for Open Source systems.
Compared to web page version
With this source the first question from a potential reader might be, how does it compare to the web page. Why should I buy this when I can download and print.
The content of the book is arranged similarly to the web page, but better. The layout is better since the people at No Starch knows how to layout pages and the typography which makes reading a pleasure. Peter has also written new paragraphs and introductory sections which are much better and makes the overall reading from cover to cover better.
So to answer the question: the book is way better than the web page and easier to read.
Further the format, a book, as compared to printed paper is much nicer when sitting at home reading or as I did when you bring the book along to read a chapter.
Contents
Since not all have read the web page I will try to summarize what the book is about, and why it does matter as an extension of the current available reference and other information about PF.
The book is about PF, and not only about PF on OpenBSD. Since Peter uses PF on OpenBSD he does remind people that not all features are available on FreeBSD and NetBSD - but this book is not just about OpenBSD - it really is about PF.
The chapters of the book goes from enabling PF with the simplest possible rulesets on OpenBSD, FreeBSD and NetBSD through expected firewall/gateways to advanced networks like: wireless networks, bigger networks with DMZ subnets, bandwidth shaping with ALTQ and even logging and statistics. Judging from the number of pages it should not be possible, the book is only about 150 pages, but the way Peter has organized it makes it possible.
Writing style
Peter has a unique writing style and be warned, I don't think everybody will enjoy it, unless prepared for it. This book is not a HOWTO with complex and magic instructions which you can follow and not learn from. This book is about educating you the reader to become the local PF guru by having a master guide you onto the path and pushing you forward.
What you need to succeed with this book is access to a computer running OpenBSD, FreeBSD or NetBSD. You will need this access to try out the instructions and to learn. Peter is not spoonfeeding you - you will need to make an effort to learn, and learn by doing.
While you tinker with PF you also need access to the internet, not all the time - but when you want to check the state of PF in FreeBSD for example you will need to go to the FreeBSD PF web page. This information could of course have been included, but why? Including information that will soon be outdated is not the style for Peter, rather he has digested and decided to include references where appropriate and not include a lot of copy paste from other sources.
When Peter wrote this book he also makes it clear that he is not just teaching the available features, but the process of developing gateways with PF. His way of expanding simple "block in all" ruleset into a fully working examples with DMZ are fun to read and a beginner will learn not just the syntax of a firewall, but what makes a good firewall. If you need the syntax, which we all do, go to the materials from the extensive Appendix A with links to internet resources.
Having a book with the process is going to last longer than a book listing just the features in the current version. So this book will be worth it for years ahead, even though PF is in rapid development.
He also presents his view of the world, and while I might not agree to everything - I consider greylisting evil - he does make some good arguments about which features to use and why. He doesn't just present a solution, he explains the why in the solution. When you get more experience with PF and firewalls you can always modify his solution to fit your needs.
Target audience
From my viewpoint this book is for everyone who uses PF. Regardless of operating system and skill level this book will teach you something new and interesting. The instructions are precise enough to get the beginner started, while the seasoned PF user will be compelled to update rulesets to include the best current practice for improved readability and performance. I have used PF since it was included in OpenBSD and yet I have something to try out immediately.
Conclusion
This book is a great version of the "Firewalling with OpenBSD's PF packet filter" web page which is a joy to read from cover to cover. The content is presented in a compressed format that will make the interested reader eager to try PF in practice. Combined with the official PF User's guide it will make you proficient in PF.
I can recommend buying this book and at the same time download his online web page.
A big thank you goes to Peter, the OpenBSD project and especially Daniel Hartmeier for giving us PF.
[...]
VERY VERY HIGHLY RECOMMENDED!! January 8, 2008
3 out of 5 found this review helpful
Are you considering moving your setup to PF from some other system? If you are, then this book is for you. Author Peter Hansteen, has done an outstanding job of writing a book that is intended to be a stand-alone document to enable you to work on your machines.
Hansteen, begins with a background discussion of PF. Then, the author creates a very simple setup with PF. Next, he builds on that basic PF setup, but at the same time, he moves into more conventional territory: the packet-filtering gateway. The author also covers the basics of getting a wireless network up and running. He continues by building on the material from previous chapters, while trying to meet the real-life challenges of larger networks or even smaller ones with relatively demanding applications or users. Then, the author shows you how you can use built-in PF features such as tables and state-tracking options. Next, he shows you how to manage resource availability. The author continues by taking a closer look at PF logs in general and some of the tools you can use to extract and present useful information. Finally, the author wraps up by discussing some options and methods that will help you get the setup you need.
This most excellent book is mainly oriented toward users who edit their rule sets in their favorite text editor. In other words, the sample rule sets in this book are simple enough that you probably would not get a noticeable benefit from any of the visualization options the various GUI tools are known to offer.
|
|
|
Copyright 2008 - RailroadBookstore.com
| |
