What This Book Covers

The book is intended to be a stand-alone document to enable you to work on your machines with only short forays into man pages and occasional reference to the online and printed resources listed in Appendix A.

Your system probably comes with a prewritten pf.conf file containing some commented-out suggestions for useful configurations, as well as a few examples in the documentation directories such as /usr/share/pf/. These examples are useful as a reference, but we won’t use them directly in this book. Instead, you’ll learn how to construct a pf.conf from scratch, step by step.

Here is a brief rundown of what you will find in this book:

  • Chapter 1 walks through basic networking concepts, gives a short overview of PF’s history, and provides some pointers on how to adjust to the BSD way if you are new to this family of operating systems. Read this chapter first if you want to get your general bearings for working with BSD systems.

  • Chapter 2 shows you how to enable PF on your system and covers a very basic rule set for a single machine. This chapter is a fairly crucial one, since all the later configurations are based on the one we build here.

  • Chapter 3 builds on the single-machine configuration in Chapter 2 and leads you through the basics of setting up a gateway that serves as a point of contact between separate networks. By the end of Chapter 3, you’ll have built a configuration that is fairly typical for a home or small office network, with some tricks up your sleeve to make network management easier. You’ll also get an early taste of how to handle services with odd requirements such as FTP, as well as some tips on how to make your network troubleshooting-friendly by catering to some of the less well understood Internet protocols and services.

  • Chapter 4 walks you through adding wireless networking to your setup. The wireless environment presents some security challenges, and by the end of this chapter, you may find yourself with a wireless network with access control and authentication via authpf. Some of the information is likely to be useful in wired environments, too.

  • Chapter 5 tackles the situation where you introduce servers and services that need to be accessible from outside your own network. By the end of this chapter, you may have a network with one or several separate subnets and DMZs, and you will have tried your hand at a couple of different load-balancing schemes via redirections and relayd in order to improve service quality for your users.

  • Chapter 6 shows you some of the tools in the PF tool chest for dealing with attempts at undesirable activity, and how to use them productively. Here, we deal with brute-force password-guessing attempts and other network flooding, as well as the ever-favorite antispam tool spamd, the OpenBSD spam deferral daemon. This chapter should make your network a more pleasant one for legitimate users and not so welcoming to those with less than good intentions.

  • Chapter 7 introduces traffic shaping via the ALTQ queueing engine. We then move on to creating redundant configurations, with CARP configurations for both failover and load balancing. This chapter should leave you with better resource utilization through traffic shaping adapted to your network needs, as well as better availability with a redundant, CARP-based configuration.

  • Chapter 8 explains PF logs. You’ll learn how to extract and process log and statistics data from your PF configuration with tools in the base system as well as optional packages. This is where you will be exposed to NetFlow and SNMP-based tools.

  • Chapter 9 walks through various options that will help you tune your setup. It ties together the knowledge you have gained from the previous chapters with a rule set debugging tutorial.

  • Appendix A is an annotated list of print and online literature and other resources you may find useful as you expand your knowledge of PF and networking topics.

  • Appendix B gives an overview of some of the issues involved in creating a first-rate tool as free software.

If you’re confident in your skills, you can jump to the chapter or section that interests you the most. However, each successive chapter builds on work done in the earlier chapters, so it may be useful to read through the chapters in sequence. The main perspective in the book is the world as seen from the command line in OpenBSD 4.8, with notes on other systems where there are significant differences.
