Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 3.6 Released!

Posted by Hemos on from the coming-out-at-you dept.

dspisak writes "The people over at OpenBSD have released version 3.6 containing significant new features such as: SMP support for i386 and amd64 archs, the ability to optimize pf rulesets, better hotplug support, in addition to more robust encryption and vpn functionality. This is in addition to more recent hardware support, for a full list of changes take a look at the 3.6 changelog. Don't forget to use the mirrors!"

5 of 194 comments (clear)

  1. Not just for routing. by saintlupus · · Score: 5, Informative

    OpenBSD has a reputation for being the ideal platform for making into a router or firewall. That's true, but it's also a really nice general server OS for low power tasks. I run it at home as a file/web server, and it's really quite nice.

    If you like Unix (as opposed to hating Microsoft), give it a shot.

    --saint

  2. If you had ordered the CD's... by BawbBitchen · · Score: 5, Informative

    ...you would have 2 servers up and running already. Got my CD's last week and have 1 new box up and one old 3.5 box upgraded. May thanks to Theo and the team for such great software.

    If you have not tried OpenBSD please do. While I will not speak on the idea of OpenBSD on the desktop I will speak to how great it is as a firewall. If you have struggled with IPTABLES it is time to give a try to PF. Have a look. It should be easy to understand:

    ext_if="xl0"
    int_if="fxp0"
    # clean up the packets
    scrub in all
    # nat the internal network to the external interface
    nat on $ext_if from !($ext_if) -> ($ext_if:0)
    # setup a table of RTBL IP's for spammers
    table persist
    #redirect any IP's in the the RTBL to spamd
    rdr pass inet proto tcp from to any port smtp -> 127.0.0.1 port 8025
    # ftp proxy
    rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
    # redirect any internal user to squid
    rdr on $int_if inet proto tcp from any to ! $int_if port 80 -> 127.0.0.1 port 3128
    # pass extenal web request to the internal www server
    rdr on $ext_if proto tcp from any to any port http -> 192.168.0.2
    # pass extenal web request to the internal www server
    rdr on $ext_if proto tcp from any to any port https -> 192.168.0.2
    # drop everything
    block in log
    # allow out and keep track
    pass out keep state
    # allow anything to the loopback and internal interface
    pass quick on { lo $int_if }
    # no RFC 1918 spoofing (quick - do it now!)
    antispoof quick for { lo $int_if }
    # allow external ssh in
    pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state
    # allow smtp in
    pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
    # allow the www forwarding
    pass in log on $ext_if proto tcp to 192.168.0.2 port http keep state
    # allow the www forwarding
    pass in log on $ext_if proto tcp to 192.168.0.2 port https keep state
    # allow outbound smtp
    pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state

    Very simple and clean. If you need a firewall give it a try!

  3. hotplugd is neat by hkb · · Score: 5, Informative

    hotplugd is pretty damned neat on the user end. It allows you to define actions performed when a device is plugged in, such as a digital camera (ala cp /mnt/camera/* ~/pictures/$DATE/).

    It's also mentioned in a recently slashdotted interview with some OpenBSD devs here:
    http://www.onlamp.com/pub/a/bsd/2004/10/28/ openbsd _3_6.html

    --
    /* Moderating all non-anonymous trolls up since 2004 */
  4. Re:OpenBSD impossible to update? by 44BSD · · Score: 5, Informative

    CVS is your friend. See also the updating mini-faq, conveniently located here

  5. OpenBSD is great for learning, too by mmkhd · · Score: 5, Informative

    I want to recommend OpenBSD to anyone who wants to build a small server and it is a must for a firewall/NAT box.

    I have never seen such a clear, concise, and easy to understand configuration file as that of pf.conf (IP filter).
    The files for the boot-up configuration rc.conf and rc.local are also very clear and easy to understand.

    Everything has very _good_ man pages and sample configuration files with lots of comments.

    The faq on openbsd.org is quite good, too.

    One aspect of security is simplicity, which implies easily understood configuration files.

    Another aspect of security is that you learn about the fundamentals of your system /network. OpenBSD's lack of graphical configuration aids is a great help here.
    You simply _have_ to learn about your system to be able to operate it, but at the same time learning is made easy, by great documentation.

    And if anybody is put off by OpenBSD's (in)famous penchant for straight/rude talking developers: Don't worry, I found people friendly and helpful. They are only put off, by questions that are very obvious and have been covered in the documentation extensively. But I am also the kind of person who loathes to ask for help in a D.I.Y. shop such as Home Depot, preferring to find things unaided so that I learn more and more about the products they offer, so that I will be more knowledgeable when doing my next project.

    Marcus