OpenBSD Journal

Review: The Book of PF

Contributed by sean on from the dead-trees-tell-many-tales dept.

A short while back, I was pre-ordering the 4.3 media sets when I noticed that Peter Hansteen's The Book of PF was also available on the OpenBSD order site. I remembered a review by Dru Lavinge on the book a while back. The local book sellers (even the big chains) have scaled back their "computer" sections to the point where they are the last place I look so having the book available on the OpenBSD website was more than convienient.

The Book of PF is a little and relatively inexpensive book. Weighing in at 145 pages (including appendices and excluding the index), Peter manages to cram in a reasonably thorough and practical reference for PF.

As Peter notes, the book is an expansion and extrapolation of his rather popular PF tutorial. The scope of the book covers all the major features of the PF firewall and enhances the examples with some specific use cases like implementing a wireless access point.

One of the most notable features of the book is that the tone and style are extremely easy to read and the presentation of the material in good size chunks lent itself to being a great companion on my morning commute. The book could be easily read on a concentrated day but it took me about two weeks of 20 minute bus rides to get through it. I haven't finished going through the entire appendix of external sources, which is a fantastic addition but is more useful if you are reading the material with Internet access available (which isn't the case on the local transit system).

One thing to note is that despite the title, the book does not hit on everything you can think of. One way to see it as introductory material to the pf manpage. For example, the interface:network notation is used but barely metioned or explained. As well, concrete examples of the less pedestrian options such as binat, or the route-to, reply-to and dup-to for rdr.

If you feel you already know PF very well and track it's perpetual progress then this book probably is not for you. However if you keep up with PF as each release happens and just need a good reference to keep sharp, this is definitely worth the shelf space. This book could also be used as training material for junior administrators or new hires. My previous recommendation for this use was Jacek's book which while still is good, is both harder to come by (as printed material) and cannot beat the tone and approachability of Peter's efforts.

(Comments are closed)

  1. By Chris Smith ( on

    I'm a n00b to pf, but I bought it with the 4.3 order, as well.
    A couple of chapters in, I think the book is excellent.
    The fact that it has grown out of a tutorial/presentation over time gives it a level of polish and logical flow rarely encountered on any topic.
    Wouldn't hesitate to buy anything this author publishes.

  2. By Terrell Prude' Jr. ( (this is a spamtrap address) on

    That tutorial was part of my own study material for PF. It is written well and quite understandable, even to a n00b to PF like I was, so I expect that the full book would be written equally well.


    1. By Anonymous Coward ( on

      > That tutorial was part of my own study material for PF. It is written well and quite understandable, even to a n00b to PF like I was, so I expect that the full book would be written equally well.
      > --TP

      Just having the book on your bookshelf is worth it alone! This book was a great read and I'd love to see more like it or from the same author.

  3. By Anonymous Coward ( on

    Got at Microcenter computer store, last copy as well. Undeadly article is very good review of book.
    Although I may not even need a firewall with a very simple OpenBSD system as a home workstation, having a good book on PF makes it simpler to learn complex networking needs for when I get there.

    Would be nice if the Book of PF, became a living text, updated to reflect PF changes and OS, with more complex configuration that many in IT will eventually get to.

    As a side note, I read in news about Yahoo, that they use OpenBSD, as well as FreeBSD. Would be cool to see how a large organization uses PF and OpenBSD to its max.



Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]