OpenBSD 3.2 Readies For Release, pf Matures

An anonymous reader writes "Just over a year ago, OpenBSD creator Theo de Raadt ripped ipfilter out of the OpenBSD code leaving "the world's most secure OS" temporarily without a packet filter. Here's an interesting interview with Daniel Hartmeier, author of pf, the stateful packet filter developed as a replacement. Now just over a year old, it sounds like pf has already become a serious contendor in the world of stateful packet filtering. This interview is of particular relevance with OpenBSD 3.2 to be released on Friday, 11/1."

Re:OpenBSD is crap, heres why - vermillion

I usually don't feed the trolls, but...

OpenBSD is fucking hype. The only good thing about it is SSH.

Yeah - SSH... and isakmpd, systrace, pf, altq, chrooted apache and whole-of-tree audits.

Re:Why no easy installer?

[krmt]

Making a good installer is hard work. OpenBSD just doesn't have its priorities there, and rightly so. If someone really felt strongly enough about the issue to write a nice graphical installer, or port one of the Linux ones over, there's nothing stopping them from doing so. It's just obviously not that important right now.

That said, if you want an easy install, there are plenty of alternatives for you. You've already mentioned Redhat and Mandrake, and there's also the very notable OSX. These might not be products focused primarily on security, but if you're really concerned about security then you're going to have to be willing to do some work of your own. Even OpenBSD doesn't guarantee security in the absence of knowledge. So if you're willing to put in the work to learn to be effectively secure (and thus actually use the system properly) then you're certaintly willing to learn how to install the thing.

Re:Why no easy installer?

[evilviper]

Personally, I find OpenBSD's installer to be simpler than ony other. Who needs a GUI?

Do you want to setup networking? [Y, n]
Do you expect to run XFree86? [Y, n]

What could be more simple than that? I can install OpenBSD in the time it takes most GUI installers just to load.

The one place it needs work is FDISK, and that's not a problem unless you say 'NO' when asked if you'd like to 'use the entire hard drive'.

The installer has some nice perks too. You can use wild cards when selecting your packages, so a simple "-x*" will unselect all the X packages. Just "*" selects everything (one of the few OSes where you almost always want EVERYTHING-there's no junk in the distro), or you can always go with the default, minimum, install.

That's why I like OpenBSD, it isn't a bunch of shinny things, it's just a very simple and elegant Operating System. Installer and all.