From owner-freebsd-pf@FreeBSD.ORG Sun Jun 23 12:56:46 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 8D0CCE5C for ; Sun, 23 Jun 2013 12:56:46 +0000 (UTC) (envelope-from peter@bsdly.net) Received: from skapet.bsdly.net (cl-426.sto-01.se.sixxs.net [IPv6:2001:16d8:ff00:1a9::2]) by mx1.freebsd.org (Postfix) with ESMTP id 3EDB01BED for ; Sun, 23 Jun 2013 12:56:46 +0000 (UTC) Received: from sonofskinny.bsdly.net ([192.168.103.254] helo=deeperthought.bsdly.net) by skapet.bsdly.net with esmtp (Exim 4.77) (envelope-from ) id 1UqjqV-00003y-FF; Sun, 23 Jun 2013 14:56:43 +0200 To: freebsd-pf@freebsd.org Subject: Re: current pf (freebsd 9.3) documentation References: <51C64897.3020802@tysdomain.com> From: peter@bsdly.net (Peter N. M. Hansteen) Date: Sun, 23 Jun 2013 14:56:38 +0200 In-Reply-To: <51C64897.3020802@tysdomain.com> (Tyler Littlefield's message of "Sat, 22 Jun 2013 21:00:07 -0400") Message-ID: <878v21m1dl.fsf@deeperthought.bsdly.net> User-Agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.4.22 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Jun 2013 12:56:46 -0000 "Littlefield, Tyler" writes: > I was looking for some information on the freebsd pf flavor and haven't > ran across much except for old mysterious rules that employ a lot of > voodoo to keep people from portscanning, but which I'm told are actually > wrong. > Is there a good place to obtain pf docs? The FreeBSD Handbook's PF chapter recently grew significantly, check http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html and go to the new section "31.4.6. PF Rule Sets and Tools". (Also, you could do worse than buy the book, but I'll limit my plugging.) - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.