The book of pf...
modulok at gmail.com
Thu Jan 20 04:33:39 UTC 2011
On 1/19/11, Peter N. M. Hansteen <peter at bsdly.net> wrote:
> Modulok <modulok at gmail.com> writes:
>> This book comes in two editions. The first was published in December
>> 2007, the second, November, 2010. Does anyone have this? And if so
>> would I be correct to get the first edition instead? I know FreeBSD's
>> pf lags being openBSD's, so I'm not sure which version of the book to
>> get, if either are applicable to the version of pf that FreeBSD runs?
>> (FreeBSD 8.1)
> I started updating the text for the 2nd edition due to the changes
> introduced in OpenBSD 4.7, (aka "Henning's monster diff") plus a few
> other goodies such as pflow(4) that had turned up since the first
> edition's late 2007 release, but I took some care to keep samples in
> the older syntax where it's relevant.
> That means that for the FreeBSD parts, the second edition is up to
> date per roughly early October 2010 (FreeBSD 8.1-stable), with a not
> that for FreeBSD, we assume the 8 series. If you're running an older
> release (ie a close descendant of whatever was -stable in late 2007),
> the first edition is likely better suited.
> For other differences between the two, you could probably get an idea
> by comparing the TOCs from the two editions' web pages (at
> http://nostarch.com/pf.htm and http://nostarch.com/pf2.htm
> respectively). The second edition turned into a more thorough rewrite
> than I'd originally planned with some bits moving around. But if in
> doubt, why not get both? ;)
> But yes, for FreeBSD 8.1, you'll be happier with the second edition.
> FreeBSD's PF syntax is old-style, but some other relevant network
> config details changed between 2007 and 2010, and the second edition
> reflects this.
Thanks for taking the time to reply! Your post answers a lot of
questions that I and others had. I have since purchased the second
edition of the book and am working my way through it. Thanks for
writing a book on the subject too. Without books such as yours, it
would be a far more frustrating world.
For anyone else tinkering with firewalls: virtual machines can
simplify the logistics.
More information about the freebsd-questions