Книга: The Book of PF
Автор: Peter N. M. Hansteen
Издательство: No Starch Press
Размер: 6.93 Мб
Год издания: 2008
Chapter 1: What PF Is
Chapter 2: Let’s Get On With It
Chapter 3: Into the Real World
Chapter 4: Wireless Networks Made Easy
Chapter 5: Bigger or Trickier Networks
Chapter 6: Turning the Tables for Proactive Defense
Chapter 7: Queues, Shaping, and Redundancy
Chapter 8: Logging, Monitoring, and Statistics
Chapter 9: Getting Your Setup Just Right
OpenBSD’s PF packet filter has enjoyed a lot of success and attention since it was first released in OpenBSD 3.0 in late 2001. While you’ll find out more about PF’s history in this book, in a nutshell, PF happened because it was needed by the developers and users of OpenBSD. Since the original release, PF has evolved greatly and has become the most powerful free tool available for firewalling, load balancing, and traffic managing. When PF is combined with CARP and pfsync, PF lets system administrators not only protect their services from attack, but it makes those services more reliable by allowing for redundancy and it makes them faster by scaling them using pools of servers managed through PF and hoststated.
While I have been involved with PF’s development, I am first and foremost a large-scale user of PF. I use PF for security, to manage threats both internal and external, and to help me run large pieces of critical infrastructure in a redundant and scalable manner. This saves my employer (the University of Alberta, where I wear the head sysadmin hat by day) money, both in terms of downtime and in terms of hardware and software. You can use PF to do the same.
With these features comes the necessary evil of complexity. For someone well versed in TCP/IP and OpenBSD, PF’s system documentation is quite extensive and usable all on its own. But in spite of extensive examples in the system documentation, it is never quite possible to put all the things you can do with PF and its related set of tools front and center without making the system documentation so large that it ceases to be useful for those experienced people who need to use it as a reference.
This book bridges the gap. If you are a relative newcomer, it can get you up to speed on OpenBSD and PF. If you are a more experienced user, this book can show you some examples of the more complex applications that help people with problems beyond the scope of the typical. For several years, Peter N.M. Hansteen has been an excellent resource for people learning how to apply PF in more than just the “How do I make a firewall?” sense, and this book extends his tradition of sharing that knowledge with others. Firewalls are now ubiquitous enough that most people have one, or several. But this book is not simply about building a firewall, it is about learning techniques for manipulating your network traffic and understanding those techniques enough to make your life as a system and network administrator a lot easier. A simple firewall is easy to build or buy off the shelf, but a firewall you can live with and manage yourself is somewhat more complex. This book goes a long way toward flattening out the learning curve and getting you thinking not only about how to build a firewall, but how PF works and where its strengths can help you. This book is an investment to save you time. It will get you up and running the right way—faster, with fewer false starts and less time experimenting.
|a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 |
а б в г д е ж з и й к л м н о п р с т у ф х ц ч ш щ ъ ы ь э ю я
Посетители, находящиеся в группе Гости, не могут оставлять комментарии в данной новости.