From: Modulok
To: "Peter N. M. Hansteen"
Cc: freebsd-questions@freebsd.org
Date: Wed, 19 Jan 2011 21:33:35 -0700
In-Reply-To: <87y66g7kow.fsf@deeperthought.bsdly.net>
Subject: Re: The book of pf...

On 1/19/11, Peter N. M. Hansteen wrote:
> Modulok writes:
>
>> This book comes in two editions. The first was published in December
>> 2007, the second, November, 2010. Does anyone have this? And if so
>> would I be correct to get the first edition instead? I know FreeBSD's
>> pf lags behind OpenBSD's, so I'm not sure which version of the book to
>> get, if either are applicable to the version of pf that FreeBSD runs?
>> (FreeBSD 8.1)
>
> I started updating the text for the 2nd edition due to the changes
> introduced in OpenBSD 4.7, (aka "Henning's monster diff") plus a few
> other goodies such as pflow(4) that had turned up since the first
> edition's late 2007 release, but I took some care to keep samples in
> the older syntax where it's relevant.
>
> That means that for the FreeBSD parts, the second edition is up to
> date per roughly early October 2010 (FreeBSD 8.1-stable), with a note
> that for FreeBSD, we assume the 8 series. If you're running an older
> release (ie a close descendant of whatever was -stable in late 2007),
> the first edition is likely better suited.
>
> For other differences between the two, you could probably get an idea
> by comparing the TOCs from the two editions' web pages (at
> http://nostarch.com/pf.htm and http://nostarch.com/pf2.htm
> respectively). The second edition turned into a more thorough rewrite
> than I'd originally planned with some bits moving around. But if in
> doubt, why not get both? ;)
>
> But yes, for FreeBSD 8.1, you'll be happier with the second edition.
> FreeBSD's PF syntax is old-style, but some other relevant network
> config details changed between 2007 and 2010, and the second edition
> reflects this.

Peter,

Thanks for taking the time to reply! Your post answers a lot of questions that I and others had. I have since purchased the second edition of the book and am working my way through it. Thanks for writing a book on the subject too. Without books such as yours, it would be a far more frustrating world.

For anyone else tinkering with firewalls: virtual machines can simplify the logistics.

-Modulok-