Domain: openbsd.org
Stories and comments across the archive that link to openbsd.org.
Comments · 2,959
-
About time, I say
This is only the second book in history on OpenBSD.
That doesn't mean that OpenBSD is bad or has a small group of supporters.. It's only one of the most secure ("out of the box" is one of the items of high importance to me) firewall operating systems in the world. It's completely Open Source and available for free download.
The original book on OpenBSD from the year 2000 is sorely outdated since the OpenBSD project tries to release a new version every six months. This book covered lots of security/firewalling concepts and how to implement them in OpenBSD 2.5 (as well as Linux) while we are now at OpenBSD 3.3. The above-mentioned books should be able to help fill in the background details as to the "whys" more than the "hows."
The "hows" are provided on the OpenBSD website for free:
FAQ (installation)
Packet Filter User's Guide (does most of the amazing firewalling that OpenBSD is famous for)
Manual Pages
OpenBSD is freely available for download, but if you like the project, I strongly encourage you... Buy something from them (they have a few shirts and posters): Or donate money or hardware.
Also, I wonder if this book is in any way related to the Deadly.org plea from the community for topics that an OpenBSD book should cover.
-
Don't be dismissive
It's tempting to dismiss this sort of announcement as "more of the same", "PR spin", and so on. Perhaps it is, but I don't want to get caught when the security spending starts to produce real fruit.
Think about the success of OpenBSD. In terms of security holes it's probably an order of magnitude better than other free operating systems, and Windows. This result was largely obtained through code auditing. If we aren't careful, in a few years, Microsoft will turn the tables on us. The code auditing they've done will have paid off, and we'll have it all still to do (for the typical Linux distribution, OpenBSD is different).
Laughing at your competitors is a risky strategy.
-
Taking security for granted
I would never want to take my security for granted, in any product. Not windows, not open source, not even goddamn openbsd that proclaims proudly 'only one remote hole in the default install, in more than 7 years' on its front page. Only one hole that has been found. The chances are that, somewhere, there is an obscure security hole that nobody has discovered. It would become the second.
-
Re:We pass the savings on to you!
Rather than getting bigger pipes they should incorporate traffic shaping (ala ALTQ in OpenBSD, et al) to keep the P2P traffic low so the students can use the network for what their parents pay for: learning.
-
Opensource music
There is nothing like the OpenBsd Song
-
Re:This is all false information
(I repeat, will not)
Yeah, we heard you the first time.
Ergo, I strongly urge you all to use firewall software and anti-virus packages with updated virus definitions.
That, or keep extremely valuable stuff on your machine. ;)
Actually, I've never really had a use for antivirus software, just don't run untrusted binaries. (that includes outlook, btw)
As for firewalls, I can recommend one.
-
SCO cannot fight the power of BSD!
Bow down and worship the goddess of BSD!
You Linux-using fags cannot possibly comprehend the beauty of the one true goddess!
See how a true believer honors her. Take another look at the proper way to show your devotion to the divine babe of BSD!
There is truly no hope for Linux as long as the lovely Ceren smiles upon us!
-
Re: I...(P.Diddy on IRC)
I didn't know that P. Diddy was on IRC.., No wonder J-Lo left you... Now I know... and knowing is half the battle...
Gah. Dude, it gets a bit old.
;) The nick comes from the OpenBSD blowfish. I'm their resident BSD girl.
And I feel the need to go on the record as saying that Puff Daddy sucks and sucks hard, and not in the nice way, either.
As for finding out, I don't have a copy of the virus... only some of the clients. And I'm too busy akilling those to be interested in where it came from. Fact is, it's loose. And that's the most important thing.
-
NetBSD is already there; FreeBSD won't take long
All of the brouhaha over Linux seems to have overshadowed the fact that it was actually NetBSD that was the first UNIX-like operating system to boot on the AMD64 architecture (under simulation, several years ago, long before there was silicon). If FreeBSD and OpenBSD leverage this work, they won't be far behind. (OpenBSD has diverged from NetBSD, but not so much that they can't bring in the architecture-dependent stuff from NetBSD very quickly if they want to.)
-
NOT OFF TOPIC
but well... ingo isn't such a "douchbag"
the latest OpenBSD release has the same feature... called W^X (W xor X)
-
The RIAA. because Big Brother is watching YOU.
The RIAA wants to mess with my computers, eh? That is precisely why my networks are protected behind a giant Wall of stone and mortar, beyond a moat of black water filled with flesh eating monsters. Guards stand atop the Wall, some with swords, some with bows and arrows, some with tubs of boiling oil, some with boulders of granite, and some with sawed off 12 gauges. Atop a tower behind the great Wall stands a big ogre wielding a BFG9000. And inside the fortress, behind the giant gates of wrought iron and forged steel stands an entire army of very big, very drunk, very pissed off demons ready to beat the living crap out of anything that steps through the gate. This is what I call a security system. You might better know it as... OpenBSD.
This is MY PROPERTY! I am NOT a CRIMINAL. And I will NOT have some stupid RIAA telling me otherwise. Oh, and need I mention that due to their tactics, I do NOT buy music recordings any longer? (Except for self published recordings that have nothing to do with the RIAA.) It's not due to piracy either... because I don't download MP3s. I bought a GUITAR and I make my own damn music!
-
Re:don't forget to patch sendmail, people
If you take the time to read the change log for OpenBSD-current you will discover that:
"Update sendmail(8) to 8.12.9 to fix a buffer overflow in address parsing. Note that this fix went onto the OpenBSD 3.3 CDs and so is not a 3.3 erratum." You could also check the patches page to see that none are currently offered because everything is up to date, so far.
-
What I really like...
...is the penguin skeleton in the cover art. Subtle.
-
Re:Cost of not patching?
The difficult question is whether the costs of patching outweigh the costs of NOT patching. There's a lot to be said for "if it ain't broke, don't fix it" sometimes.
For the usual "feature" patches ("This patch adds pretty shiny things to the edge of your window"...), you're absolutely right: making any kind of large-scale change (like putting a new patch on 1000 machines) is a big deal. Even if it's all automated via network management tools, you'll need to test, prepare and then support it. Do you really need that little tweak added?
However, with security patches usually you have no choice. The only decision for some security patches is how long do you wait before deploying it. Don't wanna be the first ones to put a bad patch on now, do we?
That's a tough one. Deploying a patch seems like a big hassle, especially when you need to test it thoroughly and have a fallback option if it fails. Big hassle, that is, up until it's too late and you have to clear out a few dozen CodeRed or Nimda infected machines! Like insurance: seems too expensive, right up until you actually need it...
Of course, they don't seem to mention the alternative, of not needing to patch ;-) As Bernstein says, reliability means never having to say "sorry" - and never having to patch, either!
-
Re:Buy on BudgetLinuxCDS.com
If you don't plan on buying the install from OpenBSD ($40) directly, at least buy a ($16/$20/$40) shirt, or a ($10) poster or something.
DARPA cut their $2 million funding offer, the OpenBSD project is stuck with all kinds of bills.. $$$upport quality "little-man Open Source Software" or it will go away.
-
Re:OpenBSD = Coordinated Innovation
Interesting.. I thought the README explained that for you. After install, you can find this file at /usr/X11R6/README. Plus, you most likely were trying out a pre 4.x XFree distribution which could easily be as hard as you describe.
-
Available swag -- Support OpenBSD
There are some nice 3.3 goodies you can order now:
Support the OpenBSD developers by getting a 3.3 CD $40 or for Europe EUR 45
There is a new Tshirt: 3.3 Tshirt $20 or for Europe EUR 20
The new 3.3 poster is very nice too, get it for $10 US or EUR 14 in Europe
If you prefer OpenSSH, have a look at this new Tshirt OpenSSH 2 $20 or for Europe EUR 20
thank you.
-
Show your support!
This is good news for the OpenBSD community indeed, but rather than downloading, you might consider buying the CD set from a retailer near you to fund further development. Given the recent funding issues, now couldn't be a better time to support this superb open source project.
-
AbiertoBSD
AbiertoBSD... of course I use it a lot.
I've been waiting for this release for a number of months now and want to express my gratitude to the OpenBSD folks. Of course, that means buying a few more of their CDs. Heh, heh... Shameless support for my favorite OS. What's in their best interest is in the best interest of my computing environment, right? Good!
Now where is that post I wrote a few days ago about building a new distro called AbiertoBSD out of used car parts?
-
Re:High bandwidth whoring
Try the 'FTPing Releases' link under 'Getting OpenBSD' or just click here
Looking at the homepage helps. ;)
-
PF FAQ
With the new normal FAQ upgrades also comes the new PF FAQ:
http://openbsd.org/faq/pf/index.html
-
OpenBSD 3.3 Song
-
Re:Did they discuss "all in one" wireless routers?
You can always do some MAC address filtering and don't forget to change the default admin password (or add one if there isn't one).
Personally, I don't like having those base stations directly on the Internet. That's why I keep them behind my Firewall (usually OpenBSD). Then you can add authpf functionality to limit Internet access only to your authenticated users.
-
Maybe Debian can help NetBSD with another platform... the HPPA architecture, specifically the 800 models. Debian already has a working port of Linux to these systems. However, NetBSD and OpenBSD aren't quite there yet.
It would be great to be able to run *BSD on these machines, especially the older ones we have where hp-ux just doesn't hack it anymore.
-
Re:About Debian's FreeBSD based system.
For status of Debian's netBSD/FreeBSD based system:
Answer to 2 specific questions:
- [quote]Is it a joint project by FreeBSD and Debian teams?[/quote]
I do not know exactly,
... but it looks like solely by Debian Developer developing user land software using only netBSD kernel.
- [quote]The Debian is basing their efforts on the already established ports of various applications on *BSD. eg. see the following from Debian's NetBSD based distribution's information pages.[/quote]
I do not think this is true.
From Why Debian GNU/NetBSD?:
Why Debian GNU/NetBSD?
- NetBSD runs on hardware unsupported by Linux. Porting Debian to the NetBSD kernel increases the number of platforms that can run a Debian-based operating system.
- The Debian GNU/Hurd project demonstrates that Debian is not tied to one specific kernel. However, the Hurd kernel is still relatively immature - a Debian GNU/NetBSD system would be usable at a production level.
- Lessons learned from the porting of Debian to NetBSD can be used in porting Debian to other kernels (such as FreeBSD and OpenBSD).
- In contrast to projects like Fink or Debian GNU/w32, Debian GNU/NetBSD does not exist in order to provide extra software or a Unix-style environment to an existing OS (the *BSD ports trees are already comprehensive, and they unarguably provide a Unix-style environment). Instead, a user or administrator used to a more traditional Debian system should feel comfortable with a Debian GNU/NetBSD system immediately and competent in a relatively short period of time.
- Not everybody likes the *BSD ports tree or the *BSD userland (this is a personal preference thing, rather than any sort of comment on quality). Linux distributions have been produced which provide *BSD style ports or a *BSD style userland for those who like the BSD user environment but also wish to use the Linux kernel - Debian GNU/NetBSD is the logical reverse of this, allowing people who like the GNU userland or a Linux-style packaging system to use the NetBSD kernel.
- Because we can.
-
Re:Why not use OpenBSD?
This is going to be in next OpenBSD-version (well, the next after 3.3, which is going to be released 1.5.2003)
You can see the list Here
-
Re:Posters here
This is the one I want! It's got Spong Bob on acid and Squidward in drag!
-
Well, good Sir, Open BSD of course...
Hi! Check out all the posters at the OpenBSD Website.
You'll be financing the best OSS in the world and will help Theo forget the Darpa Grant.
-
Posters here
You can get posters from OpenBSD online shop. 9 very cool posters for OpenBSD/OpenSSH - the artwork is superb. It's a shame that there wasn't a poster for the 2.6 release's "Script Kitty & fish bowl" art... by far the best ever.
-
Re:For those not keeping score...
When pf was in 3.0 -current, it wasn't ready for prime time. 3.1 -stable was a lot better, lacked a few features, but way better. I (could be wrong, but I) am of the belief that they've added (not fixed) features since 3.2, and it is awesome.
I'm using a 3.3 snapshot from March @ my small organization's 60pc firewall -- one as a bridge protecting my w2k server, the other as 3nic internet/nat+squid/dmz firewall -- both machines are utilizing altq to aggregate traffic nicely, on 64meg 166Mhz pentium classics no less. Squid tends to make my *uptime* pop over 1.00 once and awhile, but before I added squid the machine never broke a sweat.
I played with linux's ipchains, and couldn't get used to the syntax ipchains required. I've used OpenBSD since 2.8, first with ipfilter (forced me to learn global string searching in vi), and gladly moved to pf. The macros and variable expansion simplify the configuration process considerably (my pf.conf is 217 lines long - macros, tcp options, altq, redirects and finally filters - all with adequate spacing and comments), and resetting the rules (likely other firewalling tools have this too) without losing state.
Please, don't hesitate to order 3.3 when it is released, or at least check out pf in either FreeBSD or OpenBSD.
-
Re:Ballmer's right
But you forgot Security. "Trusted Computing", now that's innovation at its best!! (Trusted Debian and OpenBSD haven't innovated at all, they are just copies of 20+ year old technology.).
-
Re:For those not keeping score...
Sorry, the pf.conf manpage... my mistake.
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
Just look at all the little details they throw in. You don't *just* get tables, you can define them as being 'const' too, which is rather handy... The whole thing is carefully designed, not thrown together.
-
Re:For those not keeping score...
If you read the man page for ipfw and compare & contrast with the man page for pf, you can immediately see just how much better pf is.
ipfw is basically a basic packet filter with a few things bodged on top of it (variable expansion, keeping state, etc) (OK, that's a bit unfair, but it's what it *feels* like to use). pf is a built-from-the-ground-up total firewall solution, with a hell of a lot of flexibility, and also several functions which will do in one line what it takes ipfw rather longer to do (e.g. anti-spoofing). Plus the simple command "scrub in all" on your border router immediately renders most TCP-fragmentation attacks benign.
Essentially, if you want a router with a bit of filtering, ipfw will do you. If you want a serious firewall, go for pf. However, if you want a serious firewall, you should already be going with OpenBSD anyway :)
-
For those not keeping score...
PF is the Packet Filter used in the latest releases of OpenBSD. OpenBSD developed pf after a licensing dispute with Darren Reed basically resulted in him telling OpenBSD to go to hell.
FreeBSD, up to now, has had two different firewalling methods. First off, there is the natively developed ipfw tool, which recently got a renovation and is now ipfw2 in -CURRENT. The alternative to ipfw is Darren Reed's ipfilter, also known as just ipf. Both ipfw and ipfilter share similar capabilities, and it is generally user preference as to which one is used in FreeBSD.
Now, it seems somebody has made the effort to port yet another firewalling mechanism to FreeBSD, this time pf. The features it claims to have over ipfw are:
- built-in variable expansion
- built-in NAT and preventing NAT detection
- table (a kind of very large blocks of address) support
- packet normalization
- state modulation
- powerful state tracking
- automatic rule optimization
- queueing with ALTQ
- load balancing with multiple routes
Presumably, some of these are rather desirable features. However, it is beyond me why FreeBSD needs yet another way to do firewalling when the interfaces and systems we have now already work well. It is my opinion that instead of porting something proprietary to OpenBSD like pf, time should have been spent either patching these features into ipfilter or ipfw to add functionality to an already accepted and loved firewalling mechanism. There is no reason FreeBSD needs to dig a deeper firewalling grave for itself like OpenBSD has done.
-
Re:PF?
PF is short for 'packet filter', and it's the native firewall code for OpenBSD. Here's the man page for the config file.
PF is fairly new compared to IPFW and IPFilter, but it has rapidly been gaining advanced features and capabilities. Porting it to other operating systems is a good thing IMO - the more competition in this field, the better ;-)
-
support OpenBSD
I see a lot of bla bla bla, but start putting your money where your mouth is... support the OpenBSD project, there are some nice 3.3 goodies you can pre-order now, shipping starts by the end of the week it seems.
Support the OpenBSD developers by getting a 3.3 CD $40 or for Europe EUR 45
There is a new Tshirt: 3.3 Tshirt $20 or for Europe EUR 20
The new 3.3 poster is very nice too, get it for $10 US or EUR 14 in Europe
If you prefer OpenSSH, have a look at this new Tshirt OpenSSH 2 $20 or for Europe EUR 20
thank you.