Using OpenBSD to Secure Small Networks, Part 2

An Anonymous Coward writes: "ONLamp has another article on securing small networks, this time with the current version of OpenBSD and pf. Quite good."

State Table

[Perdo]

is broken... please try again.

Duh ...

[NWT]

Ok, the article is fine, informative and well shaped, needless to say that openbsd does it's work really well as a firewall.

But why the hell do we have 80% troll posts? This sucks ... really.

Oh yeah, mod me down now, but you know i'm right ...

Re:Duh ...

Probably because noone gives a damn about an "operating system" from the 80's.

Re:My experiences with Windows XP Professional

[sirket]

Why are you wasting Quad Xeon processors on an OpenBSD box? OpenBSD has always had poor dual processor support, and the performance boost drops even further when you go to 4 processors.

Are you sure these boxes weren't running FreeBSD?

-sirket

Re:My experiences with Windows XP Professional

OpenBSD doesn't even have SMP support.

Pay attention.

Re:My experiences with Windows XP Professional

[Tuzanor]

um, actually OpenBSD doesn't have ANY SMP support. So if you add more procs it'll only use one.

Re:In case site goes down

Heh, as if the seven Slashdot *BSD section readers are gonna take down a server.

Then again, it _IS_ running *BSD...

Next, How to Count all the Haxors being blocked

I'll bet he gets to do another article (do you think there is money in writing for O'reilly web?) and will tell you how to look at those log files.

I read where tcpdump has a vulnerability, does anyone know what that would mean to looking at your pf logs?

Of course, we should expect to soon see the ipfilter vs pf flames shooting out from the screen, real soon now.....NOT!

What does it ALL mean?

I happen to have pf running on my cable modem, and it does great, thank you. But the number of blocked atacks that appear to be residual Code Red or Nimbda is astonishing. Is the Internet catching the equivalent of the common cold, that drains more productivity out of the economy than cancer or heart disease?

OpenBSD as more then a firewall

[Partisan01]

I am a OpenBSD fan, but I think that it doesn't get as much stage time for things other then a firewall. I use OpenBSD to run a webserver for my company, and an LDAP server. Granted I'm not running a high profile server, but it still gets the job done nicely, plus it's very secure. OpenBSD is a great firewall, but it also excells in many other aspects of serving...

Re:OpenBSD as more then a firewall

[artymiak]

Don't worry, there will be more OpenBSD coverage on ONLamp.com.

Re:OpenBSD as more then a firewall

Indeed. And past benchmarking (I don't have a url to hand, it was a while back) has shown that it out performed Sol servering http content with apache.

Re:My experiences with Windows XP Professional

It doesn't have ANY; LOL!

Follow the SMP branch and you're see it does have SOME, and not 'not ANY'.

Re:My experiences with Windows XP Professional

The main release of OpenBSD has zero SMP until you put the unstable SMP patches on it. Most of the current code just detects CPUs and sets up the framework. They have a LONG way to go but are moving forward. There are't any real performance improvements yet. Give it some time though.

Re:My experiences with Windows XP Professional

OpenBSD is the best firewall !
I/O performance is too slow for other tasks compared to its competition.

Try emBSD

[KenFury]

Take a look at emBSD at 32 meg it's small and secure (OS is on flash memory). Most inportantly it does one job, routing and firewall duties, and it does it well. http://embsd.suspicious.org/