On 23-10-2014 21:49, Steve Litt wrote:
> I'm getting set to build my third OpenBSD/pf firewall/NAT/router. The
> first two I did with a lot of research and trial and error.

Don't worry about this. Even if you read the documentation you'll need to try and test your rules.

> This time, I'd like to understand what I'm doing a little more. What
> are some broad principles of pf? Does pf have an overarching philosophy
> or architecture?

I can point you to this: http://bulabula.org/papers/2013/rubsd/

I believe this is one of the latest papers regarding the future of pf.

Also, besides the excellent manual pages, and the pf user guide on the OpenBSD site, there is a great book by Peter Hansteen: http://www.bsdly.net/~peter/

Besides this, perhaps Henning could weigh in. But as far as I know the principles of pf are the same as those of the OpenBSD project: security. Even more, given it's a packet filter.

Cheers

