Securing Small Networks with OpenBSD

Some random person wrote: "O'Reilly's OnLamp.com has a long article about using OpenBSD to secure small networks connected to the Internet."
  • by sedawkgrep ( 142682 ) on Friday March 01, 2002 @11:33AM (#3090210)
    There are a *LOT* of redundancies and unoptimized rules in his firewall ruleset. For example, you only need to keep state once for a connection, either in or out. Both is pointless. Firewall ruleset design (via ipf or pf) is better documented in the FAQ, although the documentation for pf is terse and generally assumes a working knowledge of ipf. The rulesets could have been collapsed down into less than half of what is listed.

    Also he should have either used OpenBSD 2.9, or moved to 3.0 and done this based on pf, which has a more elegant syntax. Although the IPF syntax doesn't change between 2.8 and 2.9, 2.9 represents a newer version of IPF, and why on earth would you not just use it instead?

    It's too bad there isn't more BSD news - this really isn't something worth being posted to slashdot. :-(

    sedawkgrep
  • by jsimon12 ( 207119 ) on Friday March 01, 2002 @11:49AM (#3090354) Homepage
    EmBSD [embsd.org], have to say I am a pretty big advocate of "less is more", basically it is the bare minimum of OpenBSD [openbsd.org] for securing a network (kernel, packet filter, ssh, syslogd and ipsec/named/dhcpd if you need em) and it all fits on under 32 meg and it's all under the BSD license, so it's free. It all comes preconfigured for firewalling (ipf and ipnat turned on and everything else just gone or turned off), so there is less to make mistakes with, less means fewer vulnerabilities and less to manage. So I would say look at EmBSD [embsd.org] after reading this article and compare for yourself.
  • Apple's Darwin is largely based on FreeBSD with a smattering of stuff from the others. The kernel is a modified Mach kernel. If people can accept it as a legitimate branch on the BSD tree then *BSD will soon be the most common *nix on the planet. And on desktops!

    It may be that BSD's future is on the desktop while Linux takes the server space. Or alternatively, that the BSDs remain small but important platforms for special purposes and developing new ideas.

    So what's dying?