Slashdot Mirror


ClosedBSD 1.0b Released

An unnamed reader submits: "Joshua Bergeron released ClosedBSD 1.0B today. ClosedBSD is a firewall which boots off of a single floppy diskette, and requires no hard drive. It is based off of the FreeBSD kernel, and uses ipfw as its native ruleset manager. Best of all: it is freely available under the BSD License. ClosedBSD also features an advanced curses-based configuration utility for designing and managing firewall rulesets: Screenshots available."

16 of 72 comments

  1. Reduplication of efforts by billcopc · Score: 2, Insightful

    Choice is nice, but do we really need n+1 floppy-based firewalls ? It seems like another beta of $nat_fw_kit comes out every other day, often only differentiated by the user interface and nothing else. Seems to me like these guys should pool together and try to merge the best of everyone's toolset.

    --
    -Billco, Fnarg.com
    1. Re:Reduplication of efforts by cetan · Score: 5, Funny

      Well, do we really need 31 flavors of Linux? :)

      --
      In Soviet Russia...michael would be rotting in Siberia!
    2. Re:Reduplication of efforts by saintlupus · Score: 4, Interesting

      Seems to me like these guys should pool together and try to merge the best of everyone's toolset.

      Probably, but then again, that could be said for any of the millions of other projects out there.

      How many editors do we really need? Window managers? Databases? Web browsers? MP3 encoders? CD players? Etc...

      The big power of using a *nix on my home machine is setting everything up _just_ like I want it, from the shell to the WM to the browser. My Linux box looks completely different from anyone else's that I know, but it works perfectly for me.

      --saint

    3. Re:Reduplication of efforts by NWT · Score: 4, Interesting

      do we really need n+1 floppy-based firewalls ?
      Perhaps yes, perhaps not ... IMO it's better to get a 1gb harddrive to install the full freebsd distribution, not only a kernel and some stuff, because you'll have a lot more possibilities to play around with ;)
      On the other hand, they're useful, if you need a firewall/gateway solution in very short time ... for example in case of a harddrive failure, you put in the floppy, and your firewall/gw is back up and running in no time!

      Seems to me like these guys should pool together and try to merge the best of everyone's toolset.
      Nope, there I can't really agree ... it's very hard to mix different things together to get one good thing. Suppose you want to buy a new stereo, and you put together the best product from each of the big companies (f.e. the amplifier from JeVeCe, the MP3 player from sonie, the speakers from YXC)... when you put the thing together you'll experience a lot of problems due to incompatibilities between the different parts. With software, it's the same, merging is tough and requires a big effort ...

      - Don't get upset, it's just _my_ opinion!

      --
      Life sucks.
    4. Re:Reduplication of efforts by wholesomegrits · Score: 4, Insightful

      No kidding. I feel like saying FOR FUCKS SAKE, WHY USE A FLOPPY? It's 2002, I think we can move beyond an aged, failure prone media. Read this recent slashdot discussion and why I think floppy based distros are shit. It's just a stupid idea.

      What does a new hard disk cost? Peanuts. Is reliability something that nobody cares about? All the tired arguments "Oh, you only use the floppy at bootup" and "Don't reboot it!" are pointless. Fact is, the thing could fail, and you'd not know it. Besides, does nobody keep log files anymore? I would think that the prevailing common sense would be to keep logfiles and update software now and then.

      --
      No sig is worth reading.
    5. Re:Reduplication of efforts by Shanep · Score: 2

      IMO it's better to get a 1gb harddrive to install the full freebsd distribution, not only a kernel and some stuff, because you'll have a lot more possibilities to play around with ;)

      And so will the hacker who roots your firewall, thanks to all those possibilities. ; )

      IMO, get a cheap 32MB Compact Flash card and IDE adaptor, install emBSD and watch them try to root it.

      With firewalls, small is best. If you're running any services beyond perhaps ssh, or have non firewall critical binaries or compilers lying around, you're asking for trouble.

      --
      War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
    6. Re:Reduplication of efforts by hearingaid · Score: 2

      Floppy-sized distros can be burned to an EPROM. That means, basically, your OS is on your NIC. IE, driveless boot.

      Reliability? Yup, it's there. Moving parts? Forget it.

      --

      my old sig used to be funny, but then slashcode ate it and now it's not funny anymore

    7. Re:Reduplication of efforts by edunbar93 · Score: 2

      Advantages of a floppy over a harddrive for a firewall:

      1) if you write-protect a floppy, no one can log in as root and change the write attribute on the mounted partition.

      2) because of 1), if (when) someone cracks the box, they can't install a rootkit or otherwise compromise your binaries (except in memory, in which case the fix is to reinstall by rebooting).

      3) you don't want to keep log files on the firewall anyway. You want to use the syslog facility to log elsewhere where they can be stored out of harm's way. (ideally on a dot matrix printer, less ideally on a computer on the network.) Without a /var partition and minimal binaries, why do you need a hard drive at all?

      It's true that you could use a CDrom for all this instead, but at the same time, you can only tweak the configuration on a CDRW drive so many times, which can be an irritating process in and of itself.

      --
      "No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
  2. IPFW vs. IPTables by silicon_synapse · Score: 3, Interesting

    I've never used/heard of IPFW. How does it compare to IPTables? Do you get the same level of granularity?

    1. Re:IPFW vs. IPTables by NWT · Score: 3, Informative

      First of all: Netfilter/Iptables is Linux stuff, IPFW is from *BSD!
      I think iptables has a lot more features than IPFW, and of course, the syntax is different!

      Another interesting thing is that the first Linux packet filter was a port (done by Alan Cox) from BSD's IPFW to (the Linux) Kernel 1.1!

      --
      Life sucks.
  3. Re:Why reinvent PicoBSD? by Anonymous Coward · Score: 2, Informative

    closedbsd has a full menu front end for configuring firewall rules, and an init(8) replacement that looks like it might actually *work*.. this differs from picobsd in many ways.

  4. CD-ROM based distribution by MavEtJu · Score: 4, Insightful

    I'm sorry but it is months ago since I've used a floppy. And that was to test out PicoBSD. I would be much more happy to see a bootable cd-rom based thingie, which would allow me to put some bigger stuff on it, like sshd, tcpdump, trafshow, ngrep et al. Despite that it is only a firewall, I need these tools to debug stuff.

    --
    bash$ :(){ :|:&};:
    1. Re:CD-ROM based distribution by evilviper · Score: 2

      That would be damn tricky. Unlike a floppy, CDs don't allow you to delete a few files. You add to the CD, then you erase the whole thing and start again.

      I've said it time and time again... Nothing is going to be able to replace the floppy unless it can be read and written to with native BIOS calls, so it can be read, written, and changed as easily as floppies. If zip disks were a bit cheaper, smaller, or stronger they could have done what CDs couldn't.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    2. Re:CD-ROM based distribution by MavEtJu · Score: 2

      There are some that would say you shouldn't be running these applications from your firewall anyway, but from another machine on your network. The only reason utilities would need to be on your firewall is to measure the kinds of traffic outside of your network, and that would still be better to run from an external workstation.

      I don't agree with your reasoning. If you are investigating a normal problem on your network, you can do it this way. If you are investigating a normal problem outside your network, you can do it this way.

      But if you are investigating a problem between your network and outside your network, you need to do it on the firewall because that's where the magic is happening!

      You *might* see what is not working in your network, you *might* see what is not working outside your network, but you will have to check it on the box where the address-translation is done, where the firewall rules are checked, which has a list of access-rules. If your machine doesn't have the tools to debug you're screwed++ and in deeper trouble than the one you're in when you are running into trouble.

      --
      bash$ :(){ :|:&};:
  5. Re:Why... by TurboRoot · Score: 2, Funny

    I'm sure it is nice, I just can't find a floppy drive to boot it off of.

  6. Re:Why... by Electrum · Score: 3, Funny

    I guess the name is ClosedBSD, because it closes the doors/ports for bad guys such as hackers ... what a firewall is supposed to do. The name is basically an allusion to security ...

    I have it on good word that the name is a poke at the OpenBSD guys.
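
The three points in edunbar93's comment above (write-protected boot media, no log files kept on the firewall, syslog sent elsewhere) can be checked mechanically. The script below is an added example, not part of the original thread or of ClosedBSD; the sample `mount` and `syslog.conf` text and the host name `loghost.example.net` are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed samples (not from ClosedBSD): FreeBSD-style `mount` output and
# syslog.conf text for a firewall booted from write-protected media.
SAMPLE_MOUNT='/dev/fd0 on / (ufs, local, read-only)
/dev/md0 on /tmp (ufs, local)'
SAMPLE_SYSLOG='# forward everything off the box
*.*      @loghost.example.net
*.err    /dev/console'
SAMPLE_SYSLOG_LOCAL='*.notice /var/log/messages
auth.*   /var/log/auth.log'

# Print ro, rw or unknown for the root filesystem in mount(8) output ($1).
root_mode() {
    printf '%s\n' "$1" | awk '
        $2 == "on" && $3 == "/" { mode = ($0 ~ /[(, ]read-only[,)]/) ? "ro" : "rw" }
        END { print (mode == "" ? "unknown" : mode) }'
}

# Print every remote destination (@host actions) in syslog.conf text ($1).
remote_targets() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*(#|$)/ { next }
        $NF ~ /^@/ { print substr($NF, 2) }'
}

# Print log files that would be written on the firewall itself ($1).
local_logfiles() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*(#|$)/ { next }
        $NF ~ /^\// && $NF !~ /^\/dev\// { print $NF }'
}

# audit MOUNT_OUTPUT SYSLOG_CONF: returns 0 only if all three points hold.
audit() {
    rc=0
    [ "$(root_mode "$1")" = "ro" ] || { echo "FAIL: / is not read-only"; rc=1; }
    [ -n "$(remote_targets "$2")" ] || { echo "FAIL: no remote syslog target"; rc=1; }
    for f in $(local_logfiles "$2"); do echo "FAIL: logs locally to $f"; rc=1; done
    [ "$rc" -eq 0 ] && echo "OK: read-only root, logs leave the box"
    return "$rc"
}

audit "$SAMPLE_MOUNT" "$SAMPLE_SYSLOG"
audit '/dev/ad0s1a on / (ufs, local)' "$SAMPLE_SYSLOG_LOCAL" || true
```

On a live host the two arguments would be `"$(mount)"` and `"$(cat /etc/syslog.conf)"`; a read-only flag in the mount table only reflects the mount option, not the floppy's physical write-protect tab.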