The Book of PF : A No-Nonsense Guide to the OpenBSD Firewall, 2/e (Paperback)
暫譯: PF 實用手冊:OpenBSD 防火牆無懈可擊的指南,第二版 (平裝本)

Peter N. M. Hansteen

  • 出版商: No Starch Press
  • 出版日期: 2010-11-22
  • 定價: $990
  • 售價: 5.0$495
  • 語言: 英文
  • 頁數: 216
  • 裝訂: Paperback
  • ISBN: 159327274X
  • ISBN-13: 9781593272746
  • 相關分類: BSD
  • 立即出貨(限量) (庫存=1)



OpenBSD's stateful packet filter, PF, is the heart of the OpenBSD firewall and a necessity for any admin working in a BSD environment. With a little effort and this book, you'll gain the insight needed to unlock PF's full potential.

This second edition of The Book of PF has been completely updated and revised. Based on Peter N.M. Hansteen's popular PF website and conference tutorials, this no-nonsense guide covers NAT and redirection, wireless networking, spam fighting, failover provisioning, logging, and more. Throughout the book, Hansteen emphasizes the importance of staying in control with a written network specification, keeping rule sets readable using macros, and performing rigid testing when loading new rules.

The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:

  • Create rule sets for all kinds of network traffic, whether it's crossing a simple LAN, hiding behind NAT, traversing DMZs, or spanning bridges or wider networks
  • Create wireless networks with access points, and lock them down with authpf and special access restrictions
  • Maximize flexibility and service availability via CARP, relayd, and redirection
  • Create adaptive firewalls to proactively defend against would-be attackers and spammers
  • Implement traffic shaping and queues with ALTQ (priq, cbq, or hfsc) to keep your network responsive
  • Master your logs with monitoring and visualization tools (including NetFlow)

The Book of PF is for BSD enthusiasts and network administrators at any skill level. With more and more services placing high demands on bandwidth and an increasingly hostile Internet environment, you can't afford to be without PF expertise.


OpenBSD 的狀態包過濾器 PF 是 OpenBSD 防火牆的核心,對於任何在 BSD 環境中工作的管理員來說都是必需的。只需稍加努力和本書的幫助,您將獲得解鎖 PF 全部潛力所需的洞察力。

《The Book of PF》的第二版已完全更新和修訂。這本不含廢話的指南基於 Peter N.M. Hansteen 受歡迎的 PF 網站和會議教程,涵蓋了 NAT 和重定向、無線網絡、反垃圾郵件、故障轉移配置、日誌記錄等主題。在整本書中,Hansteen 強調保持控制的重要性,通過書面網絡規範來保持可讀的規則集,並在加載新規則時進行嚴格測試。

《The Book of PF》探討了廣泛的主題,將激發您的思維並增強您的履歷,包括如何:

- 為各種網絡流量創建規則集,無論是穿越簡單的 LAN、隱藏在 NAT 後面、穿越 DMZ 還是跨越橋接或更廣泛的網絡
- 創建帶有接入點的無線網絡,並使用 authpf 和特殊訪問限制來加強安全
- 通過 CARP、relayd 和重定向最大化靈活性和服務可用性
- 創建自適應防火牆,主動防禦潛在的攻擊者和垃圾郵件發送者
- 使用 ALTQ(priq、cbq 或 hfsc)實施流量整形和佇列,以保持您的網絡響應迅速
- 使用監控和可視化工具(包括 NetFlow)掌握您的日誌

《The Book of PF》適合任何技能水平的 BSD 愛好者和網絡管理員。隨著越來越多的服務對帶寬提出高要求,以及日益惡劣的互聯網環境,您不能沒有 PF 專業知識。