Daniel wrote :
" I originally wrote them as chapters for a book, but then publication
was cancelled. Luckily, the rights could be salvaged,
and now you get to enjoy them as undeadly.org exclusives. In celebration
of the upcoming OpenBSD 4.0 <http://www.openbsd.org/orders.html>
release. ;) "
*
Here is the table of content of the first article :
Firewall Ruleset Optimization*
* Goals
* The significance of packet rate
* When pf is the bottleneck
* Filter statefully
* The downside of stateful filtering
* Ruleset evaluation
* Ordering rulesets to maximize skip steps
* Use tables for address lists
* Use quick to abort ruleset evaluation when rules match
* Anchors with conditional evaluation
* Let pfctl do the work for you
The full story is at :
http://undeadly.org/cgi?action=article&sid=20060927091645
*
Here is the table of content of the second article :*
*Testing Your Firewall*
* Introduction
* A well-defined filtering policy
* A ruleset implementing the policy
* Parser errors
* Testing
* Debugging
* Debugging protocols
* Debugging rulesets
* Following connections through the firewall
* Debugging states
* Create TCP states on the initial SYN packet
The full story is at :
http://undeadly.org/cgi?action=article&sid=20060928081238
Enjoy
Regards