How to PF Firewall Ruleset Optimization

OpenBSD journal has published excellent PF Firewall Ruleset Optimization tutorial.

ADVERTISEMENTS

From the article:
“This is the first installment in a series of three articles about PF. I originally wrote them as chapters for a book, but then publication was cancelled. Luckily, the rights could be salvaged, and now you get to enjoy them as undeadly.org exclusives.”

Firewall Ruleset Optimization topics:

  • Goals
  • The significance of packet rate
  • When pf is the bottleneck
  • Filter statefully
  • The downside of stateful filtering
  • Ruleset evaluation
  • Ordering rulesets to maximize skip steps
  • Use tables for address lists
  • Use quick to abort ruleset evaluation when rules match
  • Anchors with conditional evaluation
  • Let pfctl do the work for you
  • Testing Your Firewall (read)
  • Firewall Management (upcoming)

Read more at OpenBSD journal

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
0 comments… add one

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.