This document is © Copyright 2005 - 2008, Peter N. M. Hansteen. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The document is a 'work in progress', based on a manuscript prepared for a lecture at the BLUG (see http://www.blug.linux.no/) meeting of January 27th, 2005.
I'm interested in comments of all kinds, and you may if you wish add web or other references to html or pdf versions of the manuscript. If you do, I would like, but can not require, you to send me an email message that you've done it. For communication regarding this document please use the address <peter@bsdly.net>; whois bsdly.net provides full contact information.
Revision History

Revision | Date | Changes
---|---|---
0.03e | 12 February 2005 | initial English version, based on Norwegian 0.03 version
0.04e | 15 February 2005 | expanded copyright message, added intro footnote, based on Norwegian 0.04 version
0.05e | 16 February 2005 | sudo footnote to first occurrence, added some userinput tags, fixed typos. Thanks to: David Snyder
0.06e | 10 April 2005 | Misc corrections/clarifications esp about tables, spamd. Special thanks to: Eystein Roll Aarseth.
0.07e | 10 April 2005 | Added NetBSD info (Thanks: Peter Postma), Hygiene, keywordset for searchability
0.08e | 10 April 2005 | License is now BSD
0.081e | 14 April 2005 | Phrase desillification, typo nuking.
0.082e | 15 April 2005 | webserver example uses macro now
0.09e | 02 October 2005 | AUUG2005 edition revision - pftpx info updated, traceroute clarification (thanks to: Henrik Kramshøj), bruteforce protection, wireless basics and Vegard's authpf (Thanks: Vegard Engen). spamd part updated (new log format and new numbers).
0.091 | 17 October 2005 | AUUG2005 version plus how to find info. Thanks: Stuart Henderson for pftpx in tree data.
0.092 | 28 November 2005 | simplified rdr rules.
0.093e | 19 December 2005 | misc minor fixes, most discovered while working on the No version
0.0931e | 27 December 2005 | adjustments to bruteforce section, typo
0.0945e | 22 February 2006 | UKUUG2006 edition w/restrict-to date (BSD license after $date), expanded icmp info, rdr w/'reflect', new ftp-proxy, altq restruct, more wifi, spamd update, logging update, conditionals online vs print
0.0946e | 21 March 2006 | refreshed UKUUG2006 edition: typo fixes; added 'if you enjoyed this, buy stuff'; added source link
0.09461e | 25 March 2006 | refreshed UKUUG2006 edition minus a few typos
0.0948e | 28 March 2006 | SANE 2006 edition; $int_if -> $localnet and what's your local net section (thanks: UKUUG delegate whose name I unfortunately did not catch, do send me that email message!); hint at ftp-proxy's -R mode; added expiretable tip to the bruteforce section; refer to 3.9 as current version
0.09492e | 12 April 2006 | Some clarification on ALTQ and authpf, more about expiretable, non-routables handling; changed order of ALTQ examples - explained why ACK prioritization works; turned expiretable tip into a section with a bit more motivation; added license audit footnote and slight rephrase in PF? intro; blackholing non-routable addresses in hygiene part, added some explanation in the authpf section
0.095e | 03 May 2006 | new spamd statistics
0.095e | 10 May 2006 | spamd lists note - Bob Beck gave permission, mention his traplist in spamd section
0.0951e | 11 May 2006 | corrected FreeBSD wifi config - /etc/start_if.$ifname is really nice; thanks: Eric Bates
0.0952e | 15 May 2006 | refresh for SANE appearance - localnet clarification wrt interface names
0.0953e | 27 May 2006 | fix localnet definition + cvsup in examples. syntax errors are bad for you - cvsup is not in OpenBSD's services file
0.0955e | 21 August 2006 | fix typos, note acx(4) now supports TI ACX1nn, greytrap footnote.
0.0956e | 27 August 2006 | Cleanup from Eystein's notes.
0.0957e | 14 September 2006 | typo fix - thanks Dimitri Umnov, who pointed out a rather obvious error in the reflection part; strangely not present in either NO version or the slides.
0.0958e | 25 September 2006 | wrong url fixed - thanks Robby Cauwerts, who pointed out that what I thought all this time was a link to the archived haiku message was a link to something else entirely.
0.096e | 7 November 2006 | EuroBSDCon 2006 edition: OpenBSD 4.0 is out; refreshed overload section mainly from Eystein's comments; greytrapping - spamd is way too much fun to just leave alone, sprinkling refreshes there and adding more spamd setup details; touch up ftp section with references to ftpsesame and pftpx ports on FreeBSD
0.0955e | 14 February 2007 | AsiaBSDCon 2007 edition: OpenBSD 4.1 is very close, mention stateful filtering default; small adjustments in FreeBSD setup section; remove OpenBSD mention from pre-3.9 ftp-proxy sections
0.09651e | 27 April 2007 | typokill edition: OpenBSD 4.1 is out; marc.theaimsgroup.com is now called marc.info; spamd refresh
0.09655e | 13 May 2007 | BSDCan 2007 edition: complete the spamd refresh; minor tweaks elsewhere
0.096551e | 28 May 2007 | typofix. Thanks: Austin Hook. While here, update references
0.0966e | 11 Sep 2007 | EuroBSDCon 2007 edition: 4.2 is close enough, minor edits and rephrasings
0.0967e | 05 Jan 2008 | Greytrapping correction + footnote. Thanks: Olli Hauer. The Book of PF is out, refer to it with clickables.