FreeBSD-Powered Firewall Distro OPNsense 16.1 Released (phoronix.com)
An anonymous reader writes: OPNsense, the open-source firewall project powered by FreeBSD that began as a fork of pfSense, is out with a new release. OPNsense 16.1 was developed over the past half-year and is a big update. OPNsense 16.1 has upgraded to a FreeBSD 10.2 base and brings support for a high-speed IPS mode, a redesigned captive portal, firewall improvements, and a wide range of other work.
Am I the only one who read it as opnonsense?
How about linking to the site instead of the clickbait at Phoronix?
My most immediate question, before even reading the feature set, was why they forked in the first place. I had to do some digging (i.e., click multiple links and read a couple different pages to find what I was looking for), so to save others time, here's the why:
https://docs.opnsense.org/fork...
Technical
We had technical reasons to fork. As much as we love the functionality/feature set of pfSense, we do not enjoy the code quality and anarchistic development method. We like structure, achievable goals set forth in a roadmap with regular releases and a decent framework.
Security
On the security part the main issue was the need to separate logic. The GUI should not perform tasks that require root access.
Quality
As for quality, all new features will be built using a solid framework with a Model View Controller. For this purpose we choose Phalcon as it is the fastest open source PHP framework available. And we will gradually migrate parts inherited from pfSense to the new framework to avoid a big-bang approach.
Community
A thriving community can only exist when people are willing to share. We want to make it easier for people to join and help to build the community. With pfSense this has been rather difficult as the tools to build it are difficult to use and often do not work in the first few attempts. And since 2014 they are not freely available any more, you need to apply for access with ESF. We believe a good open source project has nothing to hide so access to the sources should be there for all. It will remain a mystery why ESF made that move as commit rights and read rights are totally different.
Note
ESF has since changed their policy and the source code is now available under their 6 clause ESF license.
Transparency
A real concern with pfSense is transparency. Since Netgate bought the majority share of pfSense and renamed the company to ESF it has been difficult to understand the direction they want the project to go. Removing the tools from GitHub without prior warning and using the brand name to fence off competitors has scared quite a lot of people. Also the license had changed for no apparent reason.
Restore a firm open source project
With OPNsense we have restored a stable project with clear goals and a very simple license that is suitable for forking and making OEM versions. We think a community project is there for all to use and work with.
I've been running two instances for about six months. Both have been totally stable. Neither is presently configured to do much beyond basic firewall, dhcpd, and name server duties. I have no complaints.
I chose OPNsense over pfSense because their roadmap made vague claims about becoming closer to base FreeBSD, and since I'm running plenty of FreeBSD and PC-BSD elsewhere, the closer the better. I had not at that time encountered the highly charged discussions that took place between the two teams.
As much as OPNsense has worked out for me so far, it has certainly lacked the polish of a larger project. Some of the documentation was scanty to non-existent. So I'll be waiting a good four weeks before updating these hosts.
I did have one issue associated with an old PCI-based Intel network card. There's this thing about whether this card delivers interrupts as an electric signal or as a data packet. This particular card is right on the brink of when one method gave way in favour of the other. It has some ability to emulate the packet method, but obviously it's not rock solid, because the card would freeze up for ten minutes at a time once or twice a week. Then a watchdog would reset it and all would be normal again.
My fussing with sysctl didn't manage to lock the card into the right mode, for whatever reason, so I pulled the card and switched to the on-board LAN port (some ostensibly crappier thing) and it's worked perfectly ever since.
Congratulations to the OPNsense team for getting this far. I look forward to another uneventful six months.
Dear fellow Linux kernel hackers:
It has come to my attention that Richard M. Stallman, founder of the Free Software Foundation and creator of the GNU project, has once again set out to fragment our grassroots community.
Recently, Mr. Stallman has started a new push for acknowledgement of GNU in Linux. No, not the familiar “GNU/Linux” that we're all sick and tired of hearing about but, instead, a failed anagram of these same terms. The campaign is called “Say LiGNUx” and demands that users of any Linux-kernel operating system employing GNU software (which comprises less than 15% of most modern Linux distributions nowadays) call the operating system “LiGNUx.”
His presentation on the “Say LiGNUx” campaign is hosted here so you can see the insanity for yourself.
Yes, that's right. LiGNUx, pronounced like “pig cooks,” would be the name of choice for our work in the last two decades. Stallman suggests that we trash our existing name recognition and all common sense to adopt his academic linguistic exercise in masturbatory politics that represents the kernel's license and some poorly-built utilities that no one uses anymore.
Mr. Stallman even suggests that users who refuse to say LiGNUx should instead install GNU/HURD so as to remove any ambiguity about licenses and nomenclature. What the hell?!
When is the last time someone named their operating system after the license the kernel is released under? Such an esoteric naming method is madness. Should Apple call OS X “Apple/XNU?” Or how about the Berkeley operating systems? Should they call their products “FreeBSD” or “OpenBSD?” Should Microsoft call their operating system “Microsoft Windows?” The suggestion is patently absurd.
We should not give in to the wailing demands of this zealotry. Mr. Stallman clearly needs a break from promoting an increasingly irrelevant software platform. Perhaps that means banning him from LKML, or asking Linus to suggest some vacation therapy for poor Mr. Stallman and his zealotry, or having the Linux Foundation issue a press release distancing themselves from RMS, GNU, and the Free Software Foundation.
Whatever the next course of action is, we should all ignore Mr. Stallman and continue to call Linux as Linux.
I am interested to hear your thoughts on the topic, fellow Linux kernel hackers.
Happy Valentine.
This project seems like a joke in many ways despite having valid goals. They also took over the m0n0wall domains from its creator and instead of maintaining them as-is, they redirect to their own domain and crown themselves as successors to the legacy of that project, when really, pfSense is that.
Unless the code isn't available to me, I generally don't give two shits about licenses as far as being a single user is concerned; most people probably are the same. It only really matters if you are rich or a business otherwise.
I think that LisystemdGNUx is a more appropriate name these days.
Link?
https://www.reddit.com/r/PFSENSE/comments/35dl17/pfsense_vs_opnsense_articles/
You should really learn how to use search engines:
http://m0n0.ch/wall/end_announcement.php
m0n0wall, from the get-go, endorsed OPNsense on their own :)
They also took over the m0n0wall domains from its creator and instead of maintaining them as-is, they redirect to their own domain and crown themselves as successors to the legacy of that project, when really, pfSense is that.
If that m0n0wall piece is true, these guys are obviously looking more at $ and not community.
This is my sig. There are many like it, but this one is mine.
After reading discussion in the pfSense forums...[t]his project seems like a joke in many ways despite having valid goals.
Well, they are hardly unbiased commentators.
They also took over the m0n0wall domains from its creator and instead of maintaining them as-is, they redirect to their own domain and crown themselves as successors to the legacy of that project, when really, pfSense is that.
If that m0n0wall piece is true, these guys are obviously looking more at $ and not community.
http://m0n0.ch/wall/end_announcement.php
Thought the name of the project was OPENonsense >_>
The m0n0wall dev also owned m0n0wall.ch, which does this redirect.
m0n0wall.ch
Remember he was only operating on what they said, not what they've actually done.
That top comment is what made me stick with pfSense when I rebuilt (virtualized) my router.
Remember he was only operating on what they said, not what they've actually done.
You know this how? Just curious. Sounds like a pretty broad statement to make without knowing true context.
See the Reddit link above; while it is the pfSense subreddit, there's discussion both ways, but the top comment is a clincher.
Don't spell it systemd.
Spell it SystemD. That way it looks like an ASCII penis.
See here: http://m0n0.ch/wall/list/showm...
They didn't earn the endorsement, they bought it.
A serious question though: does anyone have any idea if SystemD can be ported to some of the BSDs, so they can also enjoy the benefits of fast reboots and whatever else it is that SystemD accomplishes?
Perhaps it has been discussed somewhere, I'm really curious what's the chance of that actually happening.
OPNsense is garbage, just wait for pfSense to get their new bootstrap UI.
Someone should write a browser plugin like the famous cloud2butt which would change every occurrence of systemd or SystemD to B=====D, or whatever the ISO standard for ASCII penis is.
But why
[citation needed]
http://www.opnsense.com