VERY VERY HIGHLY RECOMMENDED!! - Review written on January 08, 2008
Rating: 5 out of 5
3 customers found this review helpful, 1 did not.
Are you considering moving your setup to PF from some other system? If you are, then this book is for you. Author Peter Hansteen has done an outstanding job of writing a book that is intended to be a stand-alone document to enable you to work on your machines.
Hansteen begins with a background discussion of PF. Then, the author creates a very simple setup with PF. Next, he builds on that basic PF setup, but at the same time, he moves into more conventional territory: the packet-filtering gateway. The author also covers the basics of getting a wireless network up and running. He continues by building on the material from previous chapters, while trying to meet the real-life challenges of larger networks or even smaller ones with relatively demanding applications or users. Then, the author shows you how you can use built-in PF features such as tables and state-tracking options. Next, he shows you how to manage resource availability. The author continues by taking a closer look at PF logs in general and some of the tools you can use to extract and present useful information. Finally, the author wraps up by discussing some options and methods that will help you get the setup you need.
This most excellent book is mainly oriented toward users who edit their rule sets in their favorite text editor. In other words, the sample rule sets in this book are simple enough that you probably would not get a noticeable benefit from any of the visualization options the various GUI tools are known to offer.
Great in some respects but disappointing in others; wait for the second edition - Review written on December 31, 2007
Rating: 3 out of 5
9 customers found this review helpful, 2 did not.
I was excited to see a new book on Pf on the market. Three years ago I read and reviewed Building Firewalls with OpenBSD and PF (BFWOAP) by Jacek Artymiak and gave it five stars. I hoped The Book of Pf (TBOP) would acknowledge the best ideas in BFWOAP and expand into Pf developments of the last three years. TBOP is strong when it addresses how to install or use Pf on operating systems other than OpenBSD. Elsewhere, the book is too weak to merit more than three stars.
Let me start with the positive aspects of TBOP. First, it appears to be technically correct. I am not a Pf expert, but the recommendations made sense. The technical editor is an OpenBSD expert and Pf developer, so I am confident the text is accurate! Second, the author did an excellent job explaining how to install and use Pf on OpenBSD, FreeBSD, and NetBSD. I use FreeBSD extensively on servers, and I did not feel left out at all. The author was quick to point out quirks affecting Pf on non-OpenBSD platforms. Third, I liked the chapter on Pf monitoring (Ch 8) but thought it was way too brief.
Turning to the negative side, the first problem involves introducing technical concepts. One of the major rules governing book-writing is to properly explain technical items before including them. For example, p 39 includes the term "static-port" in a configuration. This is not explained anywhere. On p 43 we see "OS = OpenBSD", again with no explanation. On p 65 "set skip" is used, but at least there is some mention of it again on p 123. If you tell me to read the man pages to figure out what these terms mean, why should anyone read this book? The author should examine how Michael Lucas or Mike Rash describe technical details. Both know how to describe the minute details of configuration syntax so the reader understands each element.
Second, the book is way too short because it fails to properly explain many of the issues it mentions. After reading the book I do not expect the average reader to have a good understanding of anchors, tags, and tables. I think the major problem here is the devotion to brevity. I wanted to learn more about Pf's scrubbing features, but guess how much ink was spent talking about it? One paragraph, on p 128. There's more about scrubbing in the books I've written than there is in a book on Pf. That is disappointing. Another manifestation of the book's length is the failure to properly discuss some of the tools in Ch 8. I liked Ch 8, but the chapter needs to be expanded. How about more than a mention of pfflowd or using Pf with SNMP?
Third, I think it would be very helpful for TBOP to include a comparative chapter. The author should explain how Pf stacks up against other firewalls, especially open source alternatives like Linux's IPTables and FreeBSD's IPFW. The author appears to be a Pf advocate, but explaining how Pf compares to programs used by other people would help sell this book.
Earlier I wrote a five star review of a No Starch book called Linux Firewalls, so I know what a great firewall book looks like. I also thought Jacek Artymiak's BFWOAP was a five star book. I think the best course of action is to wait for a second edition of TBOP. Pf is a well-supported program, so you can expect to see plenty of additional features in the coming years. If the author addresses the shortcomings in this book I would recommend it.