Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 3.2 Readies For Release, pf Matures

Posted by CowboyNeal on from the alternatives-to-linux-and-iptables dept.

An anonymous reader writes "Just over a year ago, OpenBSD creator Theo de Raadt ripped ipfilter out of the OpenBSD code leaving "the world's most secure OS" temporarily without a packet filter. Here's an interesting interview with Daniel Hartmeier, author of pf, the stateful packet filter developed as a replacement. Now just over a year old, it sounds like pf has already become a serious contendor in the world of stateful packet filtering. This interview is of particular relevance with OpenBSD 3.2 to be released on Friday, 11/1."

17 of 292 comments (clear)

  1. Poppycock! by Mr_Icon · · Score: 3, Funny

    Codswallop, January 11th is a Saturday!

    --
    If you open yourself to the foo, You and foo become one.
  2. Save you the effort... by Fnkmaster · · Score: 5, Funny

    Dear Slashdotters,

    I decided to save you the effort of replying to this article by summarizing all of the posts you are about to make.

    1) BSD is dead poster: BSD is dead! Only 13 people use OpenBSD and they all live in their parent's basements!
    2) Dumb Karma Whore: Packet filtering? What's that? Can somebody explain why pf is a better packet filter than the alternatives?
    3) De Raadt Hater: Theo sucks! Burn in hell, Theo, you self-righteous prick. FreeBSD 0wnz!

    1. Re:Save you the effort... by Anonymous Coward · · Score: 5, Funny

      what a stereotype!

      not everyone has a basement, you know.

    2. Re:Save you the effort... by ImpTech · · Score: 3, Funny

      Funny... while I don't live in my parents' basement, my OpenBSD box does, so I guess the first poster is half right.

    3. Re:Save you the effort... by ELiTeUI · · Score: 3, Funny

      Thats too funny.

      I also do not live in my parents basement, however one of my OpenBSD boxes does..

      I guess it is a small world after all.

      ELiTeUI

    4. Re:Save you the effort... by CBravo · · Score: 2, Funny

      of course, there is a reason that that box is in the basement. It does not go down.

      --
      nosig today
    5. Re:Save you the effort... by Dark+Lord+Seth · · Score: 3, Funny

      Heathen, you forgot three of them!

      Imagine a Beowulf cluster of packet filters!

      1. Develop a packet filter.
      2. ???
      3. Profit!

      ( ) CowboyNeal is my packet filterer! You insensitive clod!

      --
      Hate me!
  3. oh GREAT by Anonymous Coward · · Score: 4, Funny

    I had never before done any kernel programming, but I knew C

    Great... I'm going to recommend to my boss that we replace all our FreeBSD and Linux servers with OpenBSD! With that kind of kernel programming experience on the team, you know it's gonna be SOLID! Check it.. he didn't say he "heard of" C, or "dabbled in" C, or even "thought there was a language called" C, he KNEW C! Inside and out!

    And hey, did you read the interview, the man owns TWO, count 'em, TWO cats! Between the three of them, they should hammer out some sweet packetfilter code.

    (hey it's a joke. but I'm still not giving up FreeBSD)

  4. Re:OpenBSD's Security is Overrated by Anonymous Coward · · Score: 3, Funny

    so basically, you're saying: OpenBSD is the most secure OS out there, as long as you don't install it on a computer?

  5. Re:so is there a packet filter or not? by Trusty+Penfold · · Score: 2, Funny

    you break from Unix security flaws like:
    - The existence of a filesystem
    - Having any individual have much real authority over the system ....

    That sounds really bloody useful ... I can't do anything with my computer; and even if I could there's nothing I could do it to.

    If you don't mind, I'm off to assert my authority over some files now ( TieMeUp.Jpg doesn't know what is has coming!)

  6. Re:so is there a packet filter or not? by Anonymous Coward · · Score: 1, Funny

    Basically the license said that if you applied security patches to ipfilter and openbsd that it gave the author of ipfilter permission to install any software he wants on your computer and to take control of any media you may have (DRM)

  7. Re:Why no easy installer? by Dog+and+Pony · · Score: 5, Funny

    First off, anything is easy compared to installing Debian (typical that I *do* run it, anyways... sigh.) Well, slackware's worse.

    And second, no marketing drone has ever, as long as humans has kept track, installed anything except the latest email worm. For all the other software, they grab whoever is close and not wearing a tie. Usually it is some guy that would rather shoot himself in the foot than use up the afternoon installing windows Me, but there you go.

  8. pF by LeiraHoward · · Score: 4, Funny

    Wow.. you know you've been doing too much electronics homework when you look at "pF" and read it as "picoFarad" and wonder what that had to do with anything....

  9. Re:or VAX/VMS by Anonymous Coward · · Score: 3, Funny

    Yes, VMS had bugs, but they were all very well-documented. Consult manuals B-127J0 through B-141J7 for more information.

  10. Daniel Hartmeier's resume by Futurepower(R) · · Score: 4, Funny


    The article is one of the best resumes I've ever seen.

    Prospective employer: What have you done?
    Daniel: I wrote the stateful firewall in OpenBSD. Here's a kerneltrap.org article.
    Employer: (Silence while recovering from amazement.) What pay do you expect?


    I hit a key accidentally, and Mozilla posted my comment above.

  11. oh what one letter can do by Anonymous Coward · · Score: 1, Funny

    anyone else notice how its just one letters location that seperates a reference to the most insecure OS and the most secure OS?

    OBSD
    BSOD

    ehh past my bedtime i think

  12. Re:OpenBSD is crap, heres why - vermillion by Anonymous Coward · · Score: 1, Funny

    LOL you just smoked the original poster's ass like a cheap cigar