bsdly.net logo The network should be invisible
The network should be noise free
Sandviksveien 32
NO-5036 Bergen
Tel: +47 9807 1263
Email bsdly@bsdly.net

The Book of PF

Welcome to the resources page for the The Book of PF, originally published by No Starch Press in late December 2007. The third edition covers OpenBSD 5.6, FreeBSD 10 and NetBSD 6, with emphasis on the new traffic shaping system introduced in OpenBSD 5.5.

The Book of PF is a current, practical and readable guide to building the fundamentals of the network you need using the best-of-breed free tools. The third edition is an extensively revised and somewhat expanded version, up to date with OpenBSD 5.6, FreeBSD 10 and NetBSD 6.

At the heart of the network you need is a packet filter (aka firewall) that lets you stay in control of your network traffic. Depending on your specific needs, you can extend your configuration to include traffic shaping, boost your network's reliability with redundant systems and transparent failover, load balancing, and SSL acceleration. For good measure, you can set up your system to mitigate various attack attempts including DOSing and bruteforcing, and of course there are good, behavior based spam avoidance tools.

All this and more you will find in The Book of PF, available now in good bookstores or directly via the clickable links on this page.

It started as a user group lecture intended for a circle of friends in Bergen, Norway. The circle of friends expanded incrementally via sessions at NUUG in Oslo, Norway, and later as a half day tutorial at AUUG 2005, UKUUG Spring 2006, BSDCan 2006, 2007, 2009, 2010, 2011, 2012, 2014, EuroBSDCon 2006 and 2007, SANE 2006, AsiaBSDCon 2007, and when the book was finally released in December 2007, I held a PF tutorial session based on the book at OpenCON 2007. Later conferences have tended to sport full-day sessions, and I still offer PF training, please contact me if you're interested.

Reviews (of the first edition)
Dru Lavigne's blog: Review of The Book of PF,

All in all, this book is very readable and a must-have resource for anyone who deals with firewall configurations. If you've heard good things about PF and have been thinking of giving it a go, this book is definitely for you.
Grunix.de (in German): Book Of PF: Eine Rezension,
Alle die privat oder auch beruflich PF einsetzen wird dieses Buch eine Hilfe sein. Sicherlich, die ganz harten Jungs werden es nicht brauchen, fr alle anderen ist das Buch aber ausnahmslos empfehlenswert.

Translated versions
In early 2009 I was delighted to hear that Eyrolles had bought the rights to do a French version. The finished product Le livre de Packet Filter was published in July 2009.

Updates and errata
Updates and errata will appear here and at the No Starch web site.

Updates and corrections for the first edition:

2008-01-26: The Book of PF Erratum 01: hoststated Tables and Redirection Targets corrects an error on page 52 of the book that would lead to a non-functional hoststated setup. Note: This has been corrected in the second printing, issued in October 2008.

2010-01-19: The Book of PF Update 01: hoststated becomes relayd, other changes hoststated became relayd in OpenBSD 4.3, and several other changes have occured since. Note: This and other changes were integrated in the second edition.


Updates and corrections for the second edition:

2011-05-29: The Book of PF Second Edition Update 01: In OpenBSD 4.9, wpa-psk(8) was replaced by wpakey option to ifconfig(8) - From OpenBSD 4.9 onwards, it's even easier to configure a wireless network with WPA.

Updates and corrections for the third edition:

2015-09-05: The Book of PF Erratum 02: The first example on page 39 contains syntax errors that would lead to an invalid configuration. This erratum specifies the correct syntax.

For occasional updates about my activities, see my blog at bsdly.blogspot.com.
Follow me on twitter: Follow me on Twitter