Imperial Library

Index
The Book of PF
PRAISE FOR THE FIRST EDITION OF THE BOOK OF PF Foreword Acknowledgments Introduction
This Is Not a HOWTO What This Book Covers
1. Building the Network You Need
Your Network: High Performance, Low Maintenance, and Secure Where the Packet Filter Fits In The Rise of PF If You Came from Elsewhere
Pointers for Linux Users Frequently Answered Questions About PF
Can I run PF on my Linux machine? Can you recommend a GUI tool for managing my PF rule set? Is there a tool I can use to convert my OtherProduct® setup to a PF configuration? Why did the PF rules syntax change all of a sudden? Where can I find out more?
A Little Encouragement: A PF Haiku
2. PF Configuration Basics
The First Step: Enabling PF
Setting Up PF on OpenBSD Setting Up PF on FreeBSD Setting Up PF on NetBSD
A Simple PF Rule Set: A Single, Stand-Alone Machine
A Minimal Rule Set Testing the Rule Set
Slightly Stricter: Using Lists and Macros for Readability
A Stricter Baseline Rule Set Reloading the Rule Set and Looking for Errors Checking Your Rules Testing the Changed Rule Set
Displaying Information About Your System Looking Ahead
3. Into the Real World
A Simple Gateway
Keep It Simple: Avoid the Pitfalls of in, out, and on Network Address Translation vs. IPv6 Final Preparations: Defining Your Local Network Setting Up a Gateway Testing Your Rule Set
That Sad Old FTP Thing
If We Must: ftp-proxy with Redirection
Making Your Network Troubleshooting Friendly
Do We Let It All Through? The Easy Way Out: The Buck Stops Here Letting ping Through Helping traceroute Path MTU Discovery
Tables Make Your Life Easier
4. Wireless Networks Made Easy
A Little IEEE 802.11 Background
MAC Address Filtering WEP WPA The Right Hardware for the Task
Setting Up a Simple Wireless Network
An OpenBSD WPA Access Point A FreeBSD WPA Access Point The Access Point's PF Rule Set Access Points with Three or More Interfaces Handling IPSec, VPN Solutions The Client Side
OpenBSD Setup FreeBSD Setup
Guarding Your Wireless Network with authpf
A Basic Authenticating Gateway Wide Open but Actually Shut
5. Bigger or Trickier Networks
A Web Server and Mail Server on the Inside—Routable Addresses
A Degree of Separation: Introducing the DMZ Sharing the Load: Redirecting to a Pool of Addresses Getting Load Balancing Right with relayd
A Web Server and Mail Server on the Inside—the NAT Version
DMZ with NAT Redirection for Load Balancing Back to the Single NATed Network
Filtering on Interface Groups The Power of Tags The Bridging Firewall
Basic Bridge Setup on OpenBSD Basic Bridge Setup on FreeBSD Basic Bridge Setup on NetBSD The Bridge Rule Set
Handling Nonroutable Addresses from Elsewhere
6. Turning the Tables for Proactive Defense
Turning Away the Brutes
SSH Brute-Force Attacks Setting Up an Adaptive Firewall Tidying Your Tables with pfctl
Giving Spammers a Hard Time with spamd
Network-Level Behavior Analysis and Blacklisting
Setting Up spamd in Blacklisting Mode spamd Logging
Greylisting: My Admin Told Me Not to Talk to Strangers
Setting Up spamd in Greylisting Mode Greylisting in Practice
Tracking Your Real Mail Connections: spamlogd Greytrapping
Setting Up a Traplist
Managing Lists with spamdb
Updating Lists Keeping spamd Greylists in Sync
Detecting Out-of-Order MX Use Handling Sites That Do Not Play Well with Greylisting
Spam-Fighting Tips
7. Queues, Shaping, and Redundancy
Directing Traffic with ALTQ
Basic ALTQ Concepts Queue Schedulers, aka Queue Disciplines
priq cbq hfsc
Setting Up ALTQ
ALTQ on OpenBSD ALTQ on FreeBSD ALTQ on NetBSD
Setting Up Queues
Priority-Based Queues
A Real-World Example Using a match Rule for Queue Assignment
Class-Based Bandwidth Allocation for Small Networks
Queue Definition Rule Set
A Basic HFSC Traffic Shaper
Queue Definition Rule Set
Queueing for Servers in a DMZ Using ALTQ to Handle Unwanted Traffic
Overloading to a Tiny Queue Queue Assignments Based on Operating System Fingerprint
Redundancy and Failover: CARP and pfsync
The Project Specification: A Redundant Pair of Gateways Setting Up CARP
Checking Kernel Options Setting sysctl Values Setting Up Network Interfaces with ifconfig
Keeping States Synchronized: Adding pfsync Putting Together a Rule Set CARP for Load Balancing
8. Logging, Monitoring, and Statistics
PF Logs: The Basics
Logging All Packets: log (all) Logging to Several pflog Interfaces Logging to Syslog, Local or Remote Tracking Statistics for Each Rule with Labels
Additional Tools for PF Logs and Statistics
Keeping an Eye on Things with systat Keeping an Eye on Things with pftop Graphing Your Traffic with pfstat Collecting NetFlow Data with pflow(4)
Setting Up the NetFlow Sensor NetFlow Data Collecting, Reporting, and Analysis
Collecting NetFlow Data with pfflowd SNMP Tools and PF-Related SNMP MIBs
Log Data as the Basis for Effective Debugging
9. Getting Your Setup Just Right
Things You Can Tweak and What You Probably Should Leave Alone
Block Policy Skip Interfaces State Policy State Defaults Timeouts Limits Debug Rule Set Optimization Optimization Fragment Reassembly
Cleaning Up Your Traffic
Packet Normalization with scrub Protecting Against Spoofing with antispoof
Testing Your Setup Debugging Your Rule Set Know Your Network and Stay in Control
A. Resources
General Networking and BSD Resources on the Internet Sample Configurations and Related Musings PF on Other BSD Systems BSD and Networking Books Wireless Networking Resources spamd and Greylisting-Related Resources Book-Related Web Resources Buy OpenBSD CDs and Donate!
B. A Note on Hardware Support
Getting the Right Hardware Issues Facing Hardware Support Developers How to Help the Hardware Support Efforts
Index About the Author Colophon C. Updates