(about) (installation) - Prerequisites - Setting up a virtual machine - Obtaining installation media - Booting OpenBSD - The install script - First system boot - Viewing system documentation - Viewing system logs (configuration) - Adding users to the system - Granting root access - Installing additional software from packages - Setting up a working environment - Disabling SSH password authentication - Configuring network interfaces - A simple pf rule set - Checking pf state - Viewing network traffic with tcpdump - Viewing pf logs - Expanding the network o Enabling IPv4 routing o Installing another virtual machine - Configuring network address translation (NAT) o The 'nat-to' and 'match' keywords o Adding NAT to our ruleset - Configuring static routing - Tracing routes - Setting up a HTTP server - Configuring redirection (port forwarding) - Setting up an NTP server - Setting up an SSL offloader o Creating a self-signed SSL certificate o Configuring 'relayd' as SSL offloader - Setting up redundant firewalls with CARP and pfsync o Installing another firewall o Configuring CARP o Updating pf rules for use with CARP o Updating the 'relayd' configuration for CARP o Configuring pfsync o CARP on the internal network o Testing CARP failover - Traffic monitoring with netflow (pflow) o Enabling pflow o Installing nfsen - Logging to a remote server - Setting up an IPsec VPN o Basic IPsec setup o Integrating IPsec and CARP (autoinstall) - Creating an autoinstall response file - Performing an automated installation - Post-install configuration (configuration2) - Traffic Shaping o Preparing traffic shaping tests o Limiting transfer speed o Prioritizing TCP ACK packets o Fair queueing - pf Tags - pf Anchors o Declaring anchors o Modifying anchors - pf Tables o Preparing a test with tables o Adding a table to the ruleset o Modifying tables with pfctl - Layer 3 load-balancing o Disable load-balancing on firewalls o Configure load-balancing with relayd - Layer 7 load-balancing o Enabling load-balancing for HTTPS o Directing HTTP requests to specific backend servers - Traffic Normalization o Fragment handling o Scrubbing packet headers o Antispoof - SYN-Proxy - Understanding pf's Ruleset Optimizer - Providing DNS service with Unbound and NSD o Creating zone files for NSD o Configuring an NSD master DNS server o Configuring an NSD slave DNS server o Notes on updating zone files o Configuring Unbound - Setting up a DHCP server - Sending email with smtpd o Setting up an SMTP server with authentication o Forwarding email to an SMTP server (backup) - Adding a backup user account - Running the 'dump' tool - Running the 'restore' tool (customization) - Customized installation - Creating custom ports and packages (upgrade) - Applying errata patches with syspatch - Applying errata patches with source code - Upgrading to the next release - Upgrading packages (challenges) - Recovering the root password - tmux - The dying SSH connection mystery - A long time ago in a galaxy far, far away.... - A Transparent Firewall - Full disk encryption - Installing an OpenBSD laptop