Slashdot Mirror


ClosedBSD 1.0b Released

An unnamed reader submits: "Joshua Bergeron released ClosedBSD 1.0B today. ClosedBSD is a firewall which boots off of a single floppy diskette, and requires no hard drive. It is based off of the FreeBSD kernel, and uses ipfw as its native ruleset manager. Best of all: it is freely available under the BSD License. ClosedBSD also features an advanced curses-based configuration utility for designing and managing firewall rulesets: Screenshots available."

72 comments

  1. Reduplication of efforts by billcopc · · Score: 2, Insightful

    Choice is nice, but do we really need n+1 floppy-based firewalls ? It seems like another beta of $nat_fw_kit comes out every other day, often only differentiated by the user interface and nothing else. Seems to me like these guys should pool together and try to merge the best of everyone's toolset.

    --
    -Billco, Fnarg.com
    1. Re:Reduplication of efforts by cetan · · Score: 5, Funny

      Well, do we really need 31 flavors of Linux? :)

      --
      In Soviet Russia...michael would be rotting in Siberia!
    2. Re:Reduplication of efforts by saintlupus · · Score: 4, Interesting

      Seems to me like these guys should pool together and try to merge the best of everyone's toolset.

      Probably, but then again, that could be said for any of the millions of other projects out there.

      How many editors do we really need? Window managers? Databases? Web browsers? MP3 encoders? CD players? Etc...

      The big power of using a *nix on my home machine is setting everything up _just_ like I want it, from the shell to the WM to the browser. My Linux box looks completely different from anyone else's that I know, but it works perfectly for me.

      --saint

    3. Re:Reduplication of efforts by NWT · · Score: 4, Interesting

      do we really need n+1 floppy-based firewalls ?
      Perhaps yes, perhaps not ... IMO it's better to get a 1gb harddrive to install the full freebsd distribution, not only a kernel and some stuff, because you'll have a lot more possibilities to play around with ;)
      On the other hand, they're useful, if you need a firewall/gateway solution in very short time ... for example in case of a harddrive failure, you put in the floppy, and your firewall/gw is back up and running in no time!

      Seems to me like these guys should pool together and try to merge the best of everyone's toolset.
      Nope, there I can't really agree ... it's very hard to mix different things together to get one good thing. Suppose you want to buy a new stereo, and you put together the best product from each of the big companies (f.e. the amplifier from JeVeCe, the MP3 player from sonie, the speakers from YXC)... when you put the thing together you'll experience a lot of problems due to incompatibilities between the different parts. With software, it's the same, merging is tough and requires a big effort ...

      - Don't get upset, it's just _my_ opinion!

      --
      Life sucks.
    4. Re:Reduplication of efforts by wholesomegrits · · Score: 4, Insightful

      No kidding. I feel like saying FOR FUCKS SAKE, WHY USE A FLOPPY? It's 2002, I think we can move beyond an aged, failure prone media. Read this recent slashdot discussion and why I think floppy based distros are shit. It's just a stupid idea.

      What does a new hard disk cost? Peanuts. Is reliability something that nobody cares about? All the tired arguments "Oh, you only use the floppy at bootup" and "Don't reboot it!" are pointless. Fact is, the thing could fail, and you'd not know it. Besides, does nobody keep log files anymore? I would think that the prevailing common sense would be to keep logfiles and update software now and then.

      --
      No sig is worth reading.
    5. Re:Reduplication of efforts by Anonymous Coward · · Score: 0

      Gee, thanks for your wise opinion. It really enlightened me.

      (jumps off building)

    6. Re:Reduplication of efforts by Anonymous Coward · · Score: 0

      (doesn't give a shit)

    7. Re:Reduplication of efforts by mr · · Score: 1

      Actually there are over 180 flavors.

      --
      If it was said on slashdot, it MUST be true!
    8. Re:Reduplication of efforts by Shanep · · Score: 2

      IMO it's better to get a 1gb harddrive to install the full freebsd distribution, not only a kernel and some stuff, because you'll have a lot more possibilities to play around with ;)

      And so will the hacker who roots your firewall, thanks to all those possibilities. ; )

      IMO, get a cheap 32MB Compact Flash card and IDE adaptor, install emBSD and watch them try to root it.

      With firewalls, small is best. If you're running any services beyond perhaps ssh, or have non firewall critical binaries or compilers lying around, you're asking for trouble.

      --
      War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
    9. Re:Reduplication of efforts by pmenoud · · Score: 1

      Last time I read something about firewalls (from O'Reilly I guess), it seems just a bad idea to keep the log on the disk in case of an intrusion which breaks everything on that very disk.

    10. Re:Reduplication of efforts by atr0x · · Score: 1

      FOR FUCKS SAKE "Is reliability something that nobody cares about?" is exactly WHY you would want only a floppy!

      The FACT (not "tired argument") that you only use the floppy at bootup is a totally viable point. You DO only use it at boot, so what exactly is your point about reliability?

      "Fact is thing could fail . . . " blah blah blah. What does that mean? What could fail, the floppy? Yeah, OK. The machine could fail, sure, but it has a far smaller chance of failure with fewer parts (and if you set it up correctly there is monitoring going on.)

      Less moving parts, it's that simple. The firewall doesn't need to do any fancy crap, it needs to filter packets, masquerade packets and that's it.

      Software DOES get updated with floppy based systems, you stick in a new floppy and reboot.

      Log files is the only valid point you even come close to making. Yes you want to log. You CAN do that with a floppy based system by storing the logs on a device that is loaded in ram. Of course the logs are lost if reboot, but firewalls don't reboot by accident. Uptime on mine is over 120 days. A cron job tars and compresses the logs and ftps them to "server" that can store the information.

      Overall floppy based "distros" are great for firewall-VPN-gateway-router type applications. In fact what do you think a checkpoint firewall or a cisco router is? These are appliances that boot from a very small device (ROM, etc), have no moving parts and perform routing and firewall functions. Checkpoint is BSD kernel, JUST LIKE this closedBSD project!

    11. Re:Reduplication of efforts by Anonymous Coward · · Score: 0

      GOOD for you. But FUCK OFF. You are mistaken if you think that I GIVE A SHIT about your comment, because I DON'T. So SAVE YOUR FUCKING BLATHER.

    12. Re:Reduplication of efforts by rabidcow · · Score: 1

      The point about failure, I believe, is that the floppy could fail without you realizing it, and then you're screwed when you try to reboot/update something, whenever that may happen. (say if there's a power failure, for one) Seems to be a rather minimal problem to me, unless you're prone to "oh shit, it's not working" panic attacks.

      I suppose a hard drive would be a more reliable alternative, but a bit of overkill. Booting from ROM or flash would be optimal.

      Logs can be preserved with a printer, or email/ftp/a different machine.

    13. Re:Reduplication of efforts by hearingaid · · Score: 2

      Floppy-sized distros can be burned to an EPROM. That means, basically, your OS is on your NIC. IE, driveless boot.

      Reliability? Yup, it's there. Moving parts? Forget it.

      --

      my old sig used to be funny, but then slashcode ate it and now it's not funny anymore

    14. Re:Reduplication of efforts by edunbar93 · · Score: 2

      Advantages of a floppy over a harddrive for a firewall:

      1) if you write-protect a floppy, no one can log in as root and change the write attribute on the mounted partition.

      2) because of 1), if (when) someone cracks the box, they can't install a rootkit or otherwise compromise your binaries (except in memory, in which case the fix is to reinstall by rebooting).

      3) you don't want to keep log files on the firewall anyway. You want to use the syslog facility to log elsewhere where they can be stored out of harm's way. (ideally on a dot matrix printer, less ideally on a computer on the network.) Without a /var partition and minimal binaries, why do you need a hard drive at all?

      It's true that you could use a CDrom for all this instead, but at the same time, you can only tweak the configuration on a CDRW drive so many times, which can be an irritating process in and of itself.

      --
      "No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
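
The remote-logging arrangement from point 3 of the comment above, as a check a defender could run against a firewall's syslog configuration. This is an added example, not part of the thread or of ClosedBSD; it assumes the classic BSD `syslog.conf` layout (selector, whitespace, action), and the sample config and the host name `loghost.example.net` are constructed.

```python
"""Audit a BSD-style syslog.conf for a firewall that should keep no local logs."""

# Constructed sample config; loghost.example.net is a placeholder name.
SAMPLE_CONF = (
    "# constructed sample for a floppy-booted firewall\n"
    "*.err;kern.debug;auth.notice\t/dev/console\n"
    "*.notice;kern.debug\t\t@loghost.example.net\n"
    "security.*\t\t\t/var/log/security\n"
    "auth.info;authpriv.info\t\t@loghost.example.net\n"
    "!ipfw\n"
    "*.*\t\t\t\t/var/log/ipfw.log\n"
)


def classify(action):
    """Return the kind of destination a syslog.conf action names."""
    if action.startswith("@"):
        return "remote"          # forwarded to another host
    if action.startswith("|"):
        return "pipe"            # handed to a local command
    path = action.lstrip("-")    # some syslogds accept '-' before a path
    if path.startswith("/dev/"):
        return "device"          # console, or a printer such as /dev/lpt0
    if path.startswith("/"):
        return "file"            # written to the firewall's own storage
    return "users"               # '*' or a list of logged-in users


def parse(text):
    """Yield (line number, selector, action, kind) for each rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments, and '!program' / '+host' filter lines.
        if not line or line[0] in "#!+":
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue             # malformed rule, nothing to classify
        selector, action = parts[0], parts[1].strip()
        rules.append((lineno, selector, action, classify(action)))
    return rules


def audit(text):
    """Report remote log hosts and any rules that still log to local files."""
    rules = parse(text)
    remote = []
    for _, _, action, kind in rules:
        if kind == "remote" and action[1:] not in remote:
            remote.append(action[1:])
    local = [(n, a.lstrip("-")) for n, _, a, k in rules if k == "file"]
    # Pass only if logs leave the box and nothing is kept on it.
    return {"remote_hosts": remote, "local_files": local,
            "ok": bool(remote) and not local}


if __name__ == "__main__":
    result = audit(SAMPLE_CONF)
    print("remote log hosts:", result["remote_hosts"])
    for lineno, path in result["local_files"]:
        print("line %d still logs locally to %s" % (lineno, path))
    print("PASS" if result["ok"] else "FAIL")
```
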
    15. Re:Reduplication of efforts by wholesomegrits · · Score: 1


      1) if you write-protect a floppy, no one can log in as root and change the write attribute on the mounted partition


      Mount the file system as read only on the HD.

      Without a /var partition and minimal binaries, why do you need a hard drive at all?

      Reliability

      There are NO advantages to using a floppy. A CD-R, EEPROM (like someone suggested) or hard disk can do everything, but a whole lot better.

      --
      No sig is worth reading.
    16. Re:Reduplication of efforts by Groganz · · Score: 1

      How trivial is it to keep a floppy image on another computer? Floppies are disposable media, I'm always chucking them out and getting a new box. They have become a boot image tool rather than a storage media.

    17. Re:Reduplication of efforts by Laser+Lou · · Score: 1

      Hold your horses there now about floppies. Aren't we just now ending the use of punch-cards at voting booths?

      --
      No data, no cry
    18. Re:Reduplication of efforts by Anonymous Coward · · Score: 0

      After reading thru your posts on the subject
      of floppy-based firewalls, I can only conclude
      that you have a brain damage.

      No one else could continuously beat their head
      against a wall on a *subjective* subject, and
      an idiotic one at that.

      What the hell do you care if someone produces
      a floppy-based firewall? What the hell do you
      care if I use one?

      Come to think of it, maybe *I* have brain damage -
      I keep responding to brain damaged idiots...

    19. Re:Reduplication of efforts by Anonymous Coward · · Score: 0

      What does a new hard disk cost? Peanuts. Is reliability something that nobody cares about?

      Reliability is exactly what folks are worried about. Yes, floppy disks are unreliable. But floppy *drives* aren't that unreliable. I have floppy drives that are 20 years old (C-64) and still work. Now how long will the drives that are going for "peanuts" these days last?

      What's more, removing the hard disk means : fewer moving parts. Without a hard disk, you have the CPU fan and PSU fan. Underclock a pentium enough (or use a 386 or 486) and you can get rid of the CPU fan.

      Think also : noise. For home use, this is as important as reliability. For business use, most companies will have a "machine room" or closet or something. They will also have the $$$ to use something other than a firewall on a floppy (floppywall??). In my home office, just the 2 computers running is annoying. Even though I invested in quieter components when I could!

      Other thoughts : maybe someone should make a cheap, bootable USB dongle?

    20. Re:Reduplication of efforts by Anonymous Coward · · Score: 0

      Well, do we really need 31 flavors of Linux?
      Do we really need 8,000 species of bird?
  2. How about by Anonymous Coward · · Score: 0

    DeadBSD ?

    It actually sounds cool...

    1. Re:How about by hobbes2112 · · Score: 1

      Only if it comes with roses and TieDyes :) Heck BSD did come from the land of Berkeley!

  3. IPFW vs. IPTables by silicon_synapse · · Score: 3, Interesting

    I've never used/heard of IPFW. How does it compare to IPTables? Do you get the same level of granularity?

    1. Re:IPFW vs. IPTables by NWT · · Score: 3, Informative

      First of all: Netfilter/iptables is Linux stuff, IPFW is from *BSD!
      I think iptables has a lot more features than IPFW, and of course, the syntax is different!

      Another interesting thing is that the first Linux packet filter was a port (done by Alan Cox) from BSD's IPFW to (the Linux) Kernel 1.1!

      --
      Life sucks.
    2. Re:IPFW vs. IPTables by Anonymous Coward · · Score: 0

      it has advanced a lot since then
      it supports state-keeping and stuff like that now

      i don't think there's much difference in terms of available features

  4. Why reinvent PicoBSD? by Anonymous Coward · · Score: 1, Interesting

    > man picobsd
    PICOBSD(8) FreeBSD System Manager's Manual PICOBSD(8)
    NAME
    picobsd - floppy disk based FreeBSD system

    SYNOPSIS
    picobsd [options] [floppy-type [site-name]]

    DESCRIPTION
    picobsd is a script which can be used to produce a minimal implementation
    of FreeBSD (historically called PicoBSD) which typically fits on one
    floppy disk, or can be downloaded as a single image file from some media
    such as CDROM, flash memory, or through etherboot.

    1. Re:Why reinvent PicoBSD? by Anonymous Coward · · Score: 2, Informative

      closedbsd has a full menu front end for configuring firewall rules, and an init(8) replacement that looks like it might actually *work*.. this differs from picobsd in many ways.

  5. JPEGs instead of GIFs by King+of+the+World · · Score: 0
    Yet another reason why programmers don't necessarily make good web designers.

    Four colour screen shots saved as JPEG. That's what GIF/PNG was made for.

    The yellow and the light-grey bleed together as the night rages in. The King of the World will not sleep easy tonight.

    1. Re:JPEGs instead of GIFs by Anonymous Coward · · Score: 0

      Patnds are Vary GAY. Plz ignore.
      Yooz PNG. Eet Arsenick. Dy.

      Thnx! :)

  6. Why... by Anonymous Coward · · Score: 0

    Why, in heaven's name, was this called ClosedBSD, rather than something much more clear and obvious, like, say, "tinyBSD", since it is tiny, as in like PicoBSD, rather than closed, as in ?license? :). Even "BRP" (BSD Router Project) would have been better and less confusing!

    1. Re:Why... by NWT · · Score: 1

      I guess the name is ClosedBSD, because it closes the doors/ports for bad guys such as hackers ... what a firewall is supposed to do. The name is basically an allusion to security ...

      --
      Life sucks.
    2. Re:Why... by TurboRoot · · Score: 2, Funny

      I'm sure it is nice, I just can't find a floppy drive to boot it off of.

    3. Re:Why... by Electrum · · Score: 3, Funny

      I guess the name is ClosedBSD, because it closes the doors/ports for bad guys such as hackers ... what a firewall is supposed to do. The name is basically an allusion to security ...

      I have it on good word that the name is a poke at the OpenBSD guys.
    4. Re:Why... by lw54 · · Score: 1

      There was a tinybsd project started about 2 years ago I would guess. I don't know what ever happened to it.

  7. Re:*BSD is dying by elzbal · · Score: 0, Offtopic

    Man, do I hate these trolls. BSD has a much bigger installed base on the Desktop than all Linux distributions combined. Just take a look at http://www.apple.com. And let's stop it with these stupid flames.

  8. CD-ROM based distribution by MavEtJu · · Score: 4, Insightful

    I'm sorry but it is months ago since I've used a floppy. And that was to test out PicoBSD. I would be much more happy to see a bootable cd-rom based thingie, which would allow me to put some bigger stuff on it, like sshd, tcpdump, trafshow, ngrep et al. Despite that it is only a firewall, I need these tools to debug stuff.

    --
    bash$ :(){ :|:&};:
    1. Re:CD-ROM based distribution by Anonymous Coward · · Score: 0

      Unfortunately, you would still need a floppy diskette to _save_ the configuration data (rulesets, passwords, etc), in the event you loaded the system off of a cdrom.

    2. Re:CD-ROM based distribution by hobbes2112 · · Score: 1

      What about using a CDRW? that could work...and the drives are getting pretty cheap nowadays

    3. Re:CD-ROM based distribution by evilviper · · Score: 2

      That would be damn tricky. Unlike a floppy, CDs don't allow you to delete a few files. You add to the CD, then you erase the whole thing and start again.

      I've said it time and time again... Nothing is going to be able to replace the floppy unless it can be read and written to with native BIOS calls, so it can be read, written, and changed as easily as floppies. If zip disks were a bit cheaper, smaller, or stronger they could have done what CDs couldn't.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    4. Re:CD-ROM based distribution by alyandon · · Score: 1

      Wouldn't this be possible if there was support for the UDF filesystem and packet writing? Is anybody working on it?

    5. Re:CD-ROM based distribution by Anonymous Coward · · Score: 0

      Reason IMHO you don't see cdrom versions of these type of things is because a lot of old 486 junk computers that are laying around don't have cdroms in them... it's easier just to use a floppy disk and throw it in a closet.

    6. Re:CD-ROM based distribution by castlan · · Score: 1

      A CD-ROM would not let you put anything on the system. You need a hard drive for that. Bootable CD-ROMs are based off of Floppy images (el-torito standard for x86), so there is no reason you couldn't just burn the floppy image to a CD with your custom setup of tcpdump, ngrep et al.

      There are some that would say you shouldn't be running these applications from your firewall anyway, but from another machine on your network. The only reason utilities would need to be on your firewall is to measure the kinds of traffic outside of your network, and that would still be better to run from an external workstation. Such complexity might lead to your firewall failing.

    7. Re:CD-ROM based distribution by MavEtJu · · Score: 2

      There are some that would say you shouldn't be running these applications from your firewall anyway, but from another machine on your network. The only reason utilities would need to be on your firewall is to measure the kinds of traffic outside of your network, and that would still be better to run from an external workstation.

      I don't agree with your reasoning. If you are investigating a normal problem on your network, you can do it this way. If you are investigating a normal problem outside your network, you can do it this way.

      But if you are investigating a problem between your network and outside your network, you need to do it on the firewall because that's where the magic is happening!

      You *might* see what is not working in your network, you *might* see what is not working outside your network, but you will have to check it on the box where the address-translation is done, where the firewall rules are checked, which has a list of access-rules. If your machine doesn't have the tools to debug you're screwed++ and in deeper trouble than the one you're in when you are running into trouble.

      --
      bash$ :(){ :|:&};:
    8. Re:CD-ROM based distribution by reason1000 · · Score: 1

      Is there a cd-rom based distribution of Linux?
      If so, where can one find it?

      --
      Visit http://linuxusers.tripod.com
  9. Re:This has already existed for a LONG time. by Anonymous Coward · · Score: 1, Informative

    closedbsd seems to have a LOT more functionality than picobsd has. it looks to me like closedbsd is essentially picobsd combined with a suite of configuration utilities (ncurses/dialog based managers, etc) the screenshots clearly show the differences.. picobsd has no interactive-menu based utility to manage the system, which is what closedbsd seems to offer to its users (interface management, ipfw ruleset management, nat management, realtime connection information, etc)

    while picobsd and closedbsd are certainly comparable as far as the style of the distribution. closedbsd looks to bring it more to the end user as far as simplicity and the interface goes.

  10. Re:*BSD is dying by Anonymous Coward · · Score: 0

    So you're one of those self-righteous losers who take slashdot seriously. If I see you walking down the street, I'm gonna kick your ass! Until that fateful day, you might want to consider that slashdot is a fucking joke, just like most of these posts.

    Recently, Slashdot [goatse.cx] confirmed that WindRiver bucked FreeBSD out on its ass for a carton of Winstons and a case of Moosehead. This only serves to confirm the fact that FreeBSD is unwanted, doomed to be passed around like an old copy of redhat 7.2.

  11. Re:*BSD is dying!!! by hobbes2112 · · Score: 1

    What makes you say something like that? I myself am new to the OS, so maybe it is just me...but I am noticing a lot of people switching to the BSDs from linux (as I did.)

  12. Re:This has already existed for a LONG time. by Anonymous Coward · · Score: 0

    R u m or f? A/S/L?

  13. Re:*BSD is dying by NWT · · Score: 1

    So you're one of those self-righteous losers who are unable (too stupid) to handle *BSD? hah. and therefore you just keep posting crap about *BSD, and wasting your time? perhaps you should f*uck your inflatable girlfriend/boyfriend the next time you plan to post trollish trash!

    *BSDs are great os, and if you don't like it, skip it! Funny anyway that you're hiding behind an AC ... that's typical!

    - I'm dead serious, so don't mod this funny!

    --
    Life sucks.
  14. Re:CD-ROM based distribution (CDROM and Floppy?) by computer_space · · Score: 1

    What about both?
    A CDROM for the big stuff and a floppy for the config stuff. You can then flip the write protect tab when you get the setup the way you want.
    A password could even be set on the floppy which is encrypted with the config file to keep everyone else from looking at the config file on the disk and devising breaks.
    That way someone couldn't drop by to copy the disk, go home and analyze your setup and devise breaks on a private setup until it works.

  15. Re:*BSD is dying by Anonymous Coward · · Score: 0

    I wrote that post sir, and you are wrong about me, but I am right about you, you are a self-righteous twat. You can't handle a few troll posts, you are a turd. You should broaden your horizons and post some trolls yourself, I highly recommend it.

    to wit:
    magnolia# uname -a
    FreeBSD magnolia.xxx.xxx.xx FreeBSD 4.5-STABLE #0: Mon Mar 4 21:47:22 EST 2002 root@magnolia.xxx.x.xx.xx:/usr/src/sys/compile/MAGNOLIA i386

  16. submit the project by slashtop · · Score: 0

    I would like the author to submit this project to FreeBSD, in standard FreeBSD distribution, there isn't a TUI utility to setup firewall, I would like to see it in FreeBSD system.

  17. *BSD is so Gay by Anonymous Coward · · Score: 0

    *BSD is so Gay.

    1. Re:*BSD is so Gay by Anonymous Coward · · Score: 0

      Your mom is so gay.

  18. Re:CD-ROM based distribution (CDROM and Floppy?) by promiscuous-mode · · Score: 1

    look at ISO Linux.

    Dan

  19. ClosetBSD? (OT) by CoolVibe · · Score: 1
    Most people I know (including myself) have their firewall/modems/network kit at home stacked in a (broom)closet. Why not name it ClosetBSD? :-)

    And secondly, what does this distro do extra that I can't duplicate using PicoBSD? Only a front-end menu?

  20. contributions by Partisan01 · · Score: 1

    On their site on the contributions page this guy points to the FreeBSD project and the picoBSD project. I'm glad to see this, give credit where credit is deserved. Nice work on his part, and send some of the money back to the FreeBSD guys so they can keep up the great work they're doing. Props guys...


    --
    ahh, the egg in the basket..
  21. favorite theo comment by Anonymous Coward · · Score: 0

    from an interview he did with hemos (http://slashdot.org/article.pl?sid=00/12/11/1455210)

    "I must say that I am not a fan of these floppy-based routers. Essentially, you are taking one of the most unreliable pieces of storage known to man, and trying to build security infrastructure on it. That's madness. Just buy a small disk. Perhaps something based on a CD plus some other (non-floppy) persistent storage might be sane. But please. Not floppies. Are you mad?"

    it has merit.

  22. Re:*BSD is dying by Art+Tatum · · Score: 1

    Don't feed the trolls. Please.

  23. as long as theo is against it... by Anonymous Coward · · Score: 0

    I am all for it!

  24. Basics on a CD-based FreeBSD firewall by dgrgich · · Score: 1

    Here's the link. Looks fairly interesting for comparison to ClosedBSD1.0. I imagine that ClosedBSD1.0 is going to have nicer "interface" as it is specialized. For those of you who are antsy about floppies, you might have to pay for that predilection in more config time.

    http://bsdtoday.com/2002/March/Features646.html

  25. Re:*BSD is JAZZ, man by TiggerStripe · · Score: 1

    hey Tatum you really play some wholesome piano.. howz about some trolling music for the People :O)

    --
    --you have been trolled--