Book of PF, 2nd Edition, 2nd New edition [Paperback]

  • Format: Paperback / softback, 216 pages, height x width: 234x178 mm
  • Publication date: 15-Nov-2010
  • Publisher: No Starch Press,US
  • ISBN-10: 159327274X
  • ISBN-13: 9781593272746
  • Price: 43,74 €*
  • * We will send you an offer for a used copy, whose price may differ from the price shown on the website
  • This book is out of print, but we will send you an offer for a used copy.
Intended for readers with an intermediate understanding of TCP/IP networking and some experience as a UNIX administrator, the second edition of this guide presents information on configuring PF, the basic firewall of any OpenBSD operating system. Deliberately written as other than a cut-and-paste tutorial, the volume presents examples that highlight common configuration options and encourages the reader to understand the packet filtering principles involved and write personal configurations that are appropriate for their specific networking needs. Topics discussed include wired and wireless networks, basic configurations, larger or unusual network design, proactive defense, queues, traffic shaping and redundant security, and logging and monitoring. Numerous code examples are provided throughout and access to additional online content is provided. Hansteen is a BSD consultant and system administrator. Annotation ©2011 Book News, Inc., Portland, OR (booknews.com)

A solid understanding of OpenBSD's PF subsystem is a necessity for any network administrator working in a BSD environment. PF is the heart of the OpenBSD firewall but there are few quality books and resources for learning PF, which is often a difficult tool to master. This second edition of The Book of PF is an up-to-date, no-nonsense guide to harnessing the power of PF. Author Peter Hansteen covers NAT (network address translation) and redirection, wireless networking, spam fighting, failover provisioning, logging, and more. New additions include coverage of CARP load balancing, and expanded coverage of traffic shaping (including ALTQ queue disciplines such as HFSC), and logging and monitoring. Written for anyone who has felt lost in PF's manual pages or baffled by its massive feature set, The Book of PF, 2nd Edition will help you confidently build the high-performance, secure, low maintenance network you need. (This edition also reflects new developments in OpenBSD, PF, FreeBSD 8.0, and NetBSD 5.)

Foreword by Bob Beck
Acknowledgments
Introduction
  This is Not a HOWTO
  What This Book Covers
1 Building the Network You Need
  Your Network: High Performance, Low Maintenance, and Secure
  Where the Packet Filter Fits In
  The Rise of PF
  If You Came from Elsewhere
  Pointers for Linux Users
  Frequently Answered Questions About PF
  A Little Encouragement: A PF Haiku
2 PF Configuration Basics
  The First Step: Enabling PF
  Setting Up PF on OpenBSD
  Setting Up PF on FreeBSD
  Setting Up PF on NetBSD
  A Simple PF Rule Set: A Single, Stand-Alone Machine
  A Minimal Rule Set
  Testing the Rule Set
  Slightly Stricter: Using Lists and Macros for Readability
  A Stricter Baseline Rule Set
  Reloading the Rule Set and Looking for Errors
  Checking Your Rules
  Testing the Changed Rule Set
  Displaying Information About Your System
  Looking Ahead
3 Into the Real World
  A Simple Gateway
  Keep It Simple: Avoid the Pitfalls of in, out, and on
  Network Address Translation vs. IPv6
  Final Preparations: Defining Your Local Network
  Setting Up a Gateway
  Testing Your Rule Set
  That Sad Old FTP Thing
  If We Must: ftp-proxy with Redirection
  Making Your Network Troubleshooting Friendly
  Do We Let it All Through?
  The Easy Way Out: The Buck Stops Here
  Letting ping Through
  Helping traceroute
  Path MTU Discovery
  Tables Make Your Life Easier
4 Wireless Networks Made Easy
  A Little IEEE 802.11 Background
  MAC Address Filtering
  WEP
  WPA
  The Right Hardware for the Task
  Setting Up a Simple Wireless Network
  An OpenBSD WPA Access Point
  A FreeBSD WPA Access Point
  The Access Point's PF Rule Set
  Access Points with Three or More Interfaces
  Handling IPSec, VPN Solutions
  The Client Side
  Guarding Your Wireless Network with authpf
  A Basic Authenticating Gateway
  Wide Open but Actually Shut
5 Bigger or Trickier Networks
  A Web Server and Mail Server on the Inside: Routable Addresses
  A Degree of Separation: Introducing the DMZ
  Sharing the Load: Redirecting to a Pool of Addresses
  Getting Load Balancing Right with relayd
  A Web Server and Mail Server on the Inside: the NAT Version
  DMZ with NAT
  Redirection for Load Balancing
  Back to the Single NATed Network
  Filtering on Interface Groups
  The Power of Tags
  The Bridging Firewall
  Basic Bridge Setup on OpenBSD
  Basic Bridge Setup on FreeBSD
  Basic Bridge Setup on NetBSD
  The Bridge Rule Set
  Handling Nonroutable Addresses from Elsewhere
6 Turning the Tables for Proactive Defense
  Turning Away the Brutes
  SSH Brute-Force Attacks
  Setting Up an Adaptive Firewall
  Tidying Your Tables with pfctl
  Giving Spammers a Hard Time with spamd
  Network-Level Behavior Analysis and Blacklisting
  Greylisting: My Admin Told Me Not to Talk to Strangers
  Tracking Your Real Mail Connections: spamlogd
  Greytrapping
  Managing Lists with spamdb
  Detecting Out-of-Order MX Use
  Handling Sites That Do Not Play Well with Greylisting
  Spam-Fighting Tips
7 Queues, Shaping, and Redundancy
  Directing Traffic with ALTQ
  Basic ALTQ Concepts
  Queue Schedulers, aka Queue Disciplines
  Setting Up ALTQ
  Setting Up Queues
  Priority-Based Queues
  Class-Based Bandwidth Allocation for Small Networks
  A Basic HFSC Traffic Shaper
  Queueing for Servers in a DMZ
  Using ALTQ to Handle Unwanted Traffic
  Redundancy and Failover: CARP and pfsync
  The Project Specification: A Redundant Pair of Gateways
  Setting Up CARP
  Keeping States Synchronized: Adding pfsync
  Putting Together a Rule Set
  CARP for Load Balancing
8 Logging, Monitoring, and Statistics
  PF Logs: The Basics
  Logging All Packets: log (all)
  Logging to Several pflog Interfaces
  Logging to Syslog, Local or Remote
  Tracking Statistics for Each Rule with Labels
  Additional Tools for PF Logs and Statistics
  Keeping an Eye on Things with systat
  Keeping an Eye on Things with pftop
  Graphing Your Traffic with pfstat
  Collecting NetFlow Data with pflow(4)
  Collecting NetFlow Data with pfflowd
  SNMP Tools and PF-Related SNMP MIBs
  Log Data as the Basis for Effective Debugging
9 Getting Your Setup Just Right
  Things You Can Tweak and What You Probably Should Leave Alone
  Block Policy
  Skip Interfaces
  State Policy
  State Defaults
  Timeouts
  Limits
  Debug
  Rule Set Optimization
  Optimization
  Fragment Reassembly
  Cleaning Up Your Traffic
  Packet Normalization with scrub
  Protecting Against Spoofing with antispoof
  Testing Your Setup
  Debugging Your Rule Set
  Know Your Network and Stay in Control
A Resources
  General Networking and BSD Resources on the Internet
  Sample Configurations and Related Musings
  PF on Other BSD Systems
  BSD and Networking Books
  Wireless Networking Resources
  spamd and Greylisting-Related Resources
  Book-Related Web Resources
  Buy OpenBSD CDs and Donate!
B A Note on Hardware Support
  Getting the Right Hardware
  Issues Facing Hardware Support Developers
  How to Help the Hardware Support Efforts
Index
Peter N. M. Hansteen is a consultant, writer, and sysadmin based in Bergen, Norway. A longtime Freenix advocate, Hansteen is a frequent lecturer on OpenBSD and FreeBSD topics, an occasional contributor to BSD Magazine, and the author of an often-slashdotted blog (http://bsdly.blogspot.com/). Hansteen was a participant in the original RFC 1149 implementation team. The Book of PF is an expanded follow-up to his very popular online PF tutorial (http://home.nuug.no/~peter/pf/).