Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD's PF Developers Interview

Posted by Hemos on from the reading-all-about-it dept.

An anonymous reader writes "ONLamp.com has published a very long interview with 6 OpenBSD's PF developers: Cedric Berger (cedric@), Can Erkin Acar (canacar@), Daniel Hartmeier (dharmei@), Henning Brauer (henning@), Mike Frantzen (frantzen@) and Ryan McBride (mcbride@). Start reading from the first half and continue with the second part."

8 of 110 comments (clear)

  1. Re:Did they ask them... by grub · · Score: 5, Informative


    pf.conf is cryptic? The manpage and demo files in /usr/share/pf are pretty handy. If you want cryptic shit, try using a Cisco PIX. I maintain 4 of them at work and they suck donkey-wang compared to PF & carp.

    --
    Trolling is a art,
  2. Re:So the world wants to know... by Anonymous Coward · · Score: 4, Informative

    Could you at least try finding it out yourself?
    PF is the Packet Filter in OpenBSD, kind of similar to iptables/ipchains in Linux.

  3. Re:OpenBSD problems by mritunjai · · Score: 3, Informative

    Oh you can fork OpenBSD to your likeness, the only restriction is that you can't call your fork 'OpenBSD'... name it burnsBSD or whatever and you should be fine ;-)

    --
    - mritunjai
  4. Re:pf vs ipf vs ipfw vs iptables by Homology · · Score: 4, Informative
    i would really like to see a comparison between all of these packet filters with strength and weaknesses and maybe an example of the fliter scripts used for a few common scenerios.

    For an example of setting up firewall for home or small office, have a look at the execellent PF User Guide> .

    Tired of sucky download performance when you max your upload on your ADSL connection? Well, PF solves that with packet queueing and prioritization.

  5. pf also available for FreeBSD by FlightTest · · Score: 5, Informative

    pf has been available in ports for quite a while. Although it only works on the 5.x branch, I'm running it as my firewall on an old 166mhz Pentium.

    Personally, I find FreeBSD easier to deal with, but that's just me.

    --
    Merde, il pleut encore!
  6. AuthPF is neat too by myov · · Score: 4, Informative

    authpf allows you to authenticate remote users, and change the firewall rules. And it's all done by ssh'ing in with authpf as the user's shell.

    Useful if you want to hide services from the outside world (except for selected users), but you don't want the complexity of ssh tunnels/vpn. (ie: I want to give some people access to my ftp server but hide it from the rest of the world, and not give them vpn access to the whole network)

    --
    I use Macs to up my productivity, so up yours Microsoft!
  7. Dissemination is the goal by ^BR · · Score: 4, Informative

    Spreading technology, not ideology...

    Each time some BSD code is incorporated in a proprietary product the world is likely a better place, you don't want everyone and his dog coding an IP stack, if it was the case it would not be some unpatched windows boxes that would be used as attack launch points, the would be everything from your fridge to your car...

    BTW the license does not discourage anything, it just does not make it mandatory. Common sense makes contributing back a good thing, as maintaining a fork is likely more expensive that contributing back your valuable intellectual property would cost you.

  8. It's impossible to create reliable BSD statistics! by trons · · Score: 5, Informative

    Don't you people understand... It is not possible for Netcraft to gather any statistical data on how many BSD machines are being used, simply because no one is *forced* to make their machine identify as a BSD machine! Quote from : "There are some, even large, companies that use BSD as routers, firewalls and even servers, without people noticing. That is a reason why no one can give current usage statistics for BSD, because no one is forced to say he is using BSD at all, or in which number." http://mirbsd.bsdadvocacy.org/?bsd-intro Drawing conclusions from statistical date without proper knowledge on the subject is Bad Practice..