Contributed by deanna on from the another take on a beloved topic dept.
Peter Hansteen has apparently been maintaining his own PF tutorial. I originally noticed Peter's guide through a submission to RootPrompt.org.
The tutorial, like many others, goes through the configuration basics and ends with specific case studies for certain configuration approaches. One nice addition to this particular guide is a section on setting up a wireless access point and doing access control via authpf. This can be a bit confusing to those who have not tried setting up wireless gear (save for connecting to an access point), but there is enough here to get one going.
Older comments on this article...
Re: Firewalling with OpenBSD's PF Packet Filter (mod 3/3) by Barry (63.237.125.20) on Tue May 1 19:57:28 2007 (GMT)
Peter's Tutorial has helped me on several occasions. Most recently with setting up spamd on 4.0. Some of his configuration methods are not seen elsewhere. It lends a new perspective to configuring OpenBSD. Thanks Peter.
Re: Firewalling with OpenBSD's PF Packet Filter (mod 3/3) by Peter N. M. Hansteen (194.54.107.19) (peter@bsdly.net) on Tue May 1 20:18:26 2007 (GMT) http://bsdly.blogspot.com
I revisit the tutorial often, and it always gets updated for conferences and other sessions. I'm doing some updates on the tutorial for BSDCan at the moment (and writing a related book in parallel, watch out for announcements from No Starch Press in the next few weeks). If enough people sign up for the session they've announced at Linuxtag, I will be giving the tutorial there too at the end of May.
By Anonymous Coward (80.144.243.39) on
By Damon McMahon (198.142.101.229) damon.mcmahon@gmail.com on
One of the better pf HOWTOs in all, however the wireless access point section still relies on WEP for confidentiality (encryption) at the network layer.
With the known flaws in WEP (which to the author's credit he acknowledges) and no sign any time soon on WPA support, surely a HOWTO on setting up an OpenBSD wireless access point requires a discussion about using IPsec and pf to filter on the enc(4) interface?
By Peter N. M. Hansteen (194.54.103.97) peter@bsdly.net on http://bsdly.blogspot.com
a valid point and possibly a quite useful way to extend that bit of the tutorial. Thanks for the suggestion!
By Damon McMahon (198.142.101.229) damon.mcmahon@gmail.com on
> a valid point and possibly a quite useful way to extend that bit of the tutorial. Thanks for the suggestion!
You're welcome, and I apologise for lecturing as I'm a big believer in the OpenBSD philosophy of "don't ask, do"; it's something that I've been meaning to document myself as this is the setup I have for my home wireless network. If you wish, please drop me an email and I'll be happy to send you the resources I used and my configuration (ipsec, pf, dhcpd, named, etc).
By Damon McMahon (211.26.115.78) damon.mcmahon@gmail.com on
Fair enough, here are the links which got me going, a thorough understanding of the relevant documentation in the man pages is also a necessity:
http://www2.papamike.ca:8082/tutorials/pub/obsd_ipsec.html
http://www.openbsd-support.com/jp/en/htm/mgp/pacsec05/index.html
http://ezine.daemonnews.org/200401/wifi-ipsec.html
http://www.onlamp.com/pub/a/bsd/2004/10/21/wifi_ipsec.html
Assistance from Reyk Floeter and Håkan Olsson on misc@openbsd.org list gratefully acknowledged.
By Vuud (69.24.33.254) on
I recently used this guide to get started on moving from a GUI->PF builder to hand coding PF. I also used a few of the other guides, the FAQ and the three chapters from that book that never came out. All were really good and worth checking out in my opinion.
There were a few things lacking in all of them, which may seem obvious to experienced PF users... for instance, the benefit of doing "quick" on all your rules versus not and going with last matching... I know what they do, just not what is best to use when.
I have this guide printed out - it's a good thing.
Thanks!