Synopsis # This chapter provides hardened defaults and safe operating procedures for OpenBSD network systems. It covers anti-spoofing and reverse-path filtering in pf.conf(5) , disciplined rule rollouts with pfctl(8) , minimal-access administration with doas.conf(5) , secure management-plane exposure via sshd_config(5) , secret file hygiene for daemons (for example, iked.conf(5) ), and patching with syspatch(8) ). It emphasizes predictable change, roll-back paths, and audit-ready configuratio...
