Long rumored, eagerly anticipated by some, you can now PREORDER "The Book of PF, 4th edition" https://nostarch.com/book-of-pf-4th-edition for the most up to date guide to the OpenBSD and FreeBSD networking toolset #openbsd #freebsd #networking #pf #packetfilter #firewall #preorder #security

Long rumored, eagerly anticipated by some, you can now PREORDER "The Book of PF, 4th edition" https://nostarch.com/book-of-pf-4th-edition for the most up to date guide to the OpenBSD and FreeBSD networking toolset #openbsd #freebsd #networking #pf #packetfilter #firewall #preorder #security

Unfortunately, public wifi and other badly configured #firewalls killed the concept of TCP ports. There is only one port left, that's 443 for everything.

Some people argue, it is a blessing for #privacy, because all our criminal #Jabber usage is hidden now.

Comparing firewall syntax for SSH (port 22) with default-deny:
================================================

#iptables (Linux)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP

#nftables (Linux)
nft add rule inet my_filter input tcp dport 22 accept
nft add rule inet my_filter input drop

#ufw (Linux - simplified frontend to iptables)
ufw allow 22/tcp
ufw default deny incoming

#pf (OpenBSD)
pass in proto tcp to port 22
block all

pf’s syntax feels so elegant, human-readable, & minimal!

After 20years scripting iptables, I’m ready to try UFW on my laptop.
#firewall #sysadmin #pf #iptables #ufw #nftables