[File properties]:
File name: The Book of PF, Second Edition.pdf
File size: 6.55MB
File format: PDF
Updated: 2022-09-11 04:24:51
This is a book about building the network
you need. We’ll dip into the topics of firewalls
and related functions, starting from a
little theory. You’ll see plenty of examples of filtering
and other ways to direct network traffic. I’ll assume that
you have a basic to intermediate command of TCP/IP
networking concepts and Unix administration.
All the information in this book comes with a fair warning: As in any
number of other endeavors, the solutions we discuss can be done in more than
one way. You should also be aware that the software world could have changed
slightly or quite a bit since the book was printed.
The information in the book is as up to date and correct as possible at
the time of writing, and refers to OpenBSD version 4.8, FreeBSD 8.1, and
NetBSD 5.0, with any patches available in late August 2010.
Introduction
This Is Not a HOWTO
The book is a direct descendant of a moderately popular PF tutorial. The
tutorial is also the source of the following admonition, and you may be
exposed to this live if you attend one of my tutorial sessions:
This document is not intended as a precooked recipe for cutting
and pasting.
Just to hammer this in, please repeat after me:
The Pledge of the Network Admin
This is my network.
It is mine,
or technically, my employer's.
It is my responsibility,
and I care for it with all my heart.
There are many other networks a lot like mine,
but none are just like it.
I solemnly swear
that I will not mindlessly paste from HOWTOs.
The point is that while the configurations I show you do work (I have
tested them, and they are in some way related to what has been put into
production), they may be overly simplistic, since many were designed to
demonstrate a specific point of configuration. They are almost certain to be
at least a little off, and they possibly could be quite wrong for your network.
Please keep in mind that this book is intended to show you a few useful
techniques and inspire you to achieve good things.
Please strive to understand your network and what you need to do to
make it better.
Please do not paste blindly from this document or any other.
What This Book Covers
The book is intended to be a stand-alone document to enable you to work
on your machines with only short forays into man pages and occasional reference
to the online and printed resources listed in Appendix A.
Your system probably comes with a prewritten pf.conf file containing
some commented-out suggestions for useful configurations, as well as a
few examples in the documentation directories such as /usr/share/pf/.
These examples are useful as a reference, but we won’t use them directly
in this book. Instead, you’ll learn how to construct a pf.conf from scratch,
step by step.