Follow Slashdot stories on Twitter


Forgot your password?
BSD Operating Systems

OpenBSD's PF Developers Interview 110

An anonymous reader writes " has published a very long interview with 6 OpenBSD's PF developers: Cedric Berger (cedric@), Can Erkin Acar (canacar@), Daniel Hartmeier (dharmei@), Henning Brauer (henning@), Mike Frantzen (frantzen@) and Ryan McBride (mcbride@). Start reading from the first half and continue with the second part."
This discussion has been archived. No new comments can be posted.

OpenBSD's PF Developers Interview

Comments Filter:
  • by grub (11606) <> on Saturday May 08, 2004 @12:18PM (#9094286) Homepage Journal

    pf.conf is cryptic? The manpage and demo files in /usr/share/pf are pretty handy. If you want cryptic shit, try using a Cisco PIX. I maintain 4 of them at work and they suck donkey-wang compared to PF & carp.
  • by Anonymous Coward on Saturday May 08, 2004 @12:35PM (#9094354)
    Could you at least try [] finding it out yourself?
    PF is the Packet Filter in OpenBSD, kind of similar to iptables/ipchains in Linux.
  • Re:OpenBSD problems (Score:4, Informative)

    by mritunjai (518932) on Saturday May 08, 2004 @03:16PM (#9095310) Homepage
    Oh you can fork OpenBSD to your likeness, the only restriction is that you can't call your fork 'OpenBSD'... name it burnsBSD or whatever and you should be fine ;-)
  • by Homology (639438) on Saturday May 08, 2004 @05:10PM (#9096022)
    i would really like to see a comparison between all of these packet filters with strength and weaknesses and maybe an example of the fliter scripts used for a few common scenerios.

    For an example of setting up firewall for home or small office [], have a look at the execellent PF User Guide> [].

    Tired of sucky download performance when you max your upload on your ADSL connection? Well, PF solves that with packet queueing and prioritization [].

  • by FlightTest (90079) on Saturday May 08, 2004 @07:08PM (#9096685) Homepage

    pf has been available in ports [] for quite a while. Although it only works on the 5.x branch, I'm running it as my firewall on an old 166mhz Pentium.

    Personally, I find FreeBSD easier to deal with, but that's just me.

  • AuthPF is neat too (Score:5, Informative)

    by myov (177946) on Saturday May 08, 2004 @07:48PM (#9096848)
    authpf allows you to authenticate remote users, and change the firewall rules. And it's all done by ssh'ing in with authpf as the user's shell.

    Useful if you want to hide services from the outside world (except for selected users), but you don't want the complexity of ssh tunnels/vpn. (ie: I want to give some people access to my ftp server but hide it from the rest of the world, and not give them vpn access to the whole network)
  • by ^BR (37824) on Sunday May 09, 2004 @09:20AM (#9099653)

    Spreading technology, not ideology...

    Each time some BSD code is incorporated in a proprietary product the world is likely a better place, you don't want everyone and his dog coding an IP stack, if it was the case it would not be some unpatched windows boxes that would be used as attack launch points, the would be everything from your fridge to your car...

    BTW the license does not discourage anything, it just does not make it mandatory. Common sense makes contributing back a good thing, as maintaining a fork is likely more expensive that contributing back your valuable intellectual property would cost you.

  • by trons (531753) on Sunday May 09, 2004 @02:34PM (#9101439)
    Don't you people understand... It is not possible for Netcraft to gather any statistical data on how many BSD machines are being used, simply because no one is *forced* to make their machine identify as a BSD machine! Quote from : "There are some, even large, companies that use BSD as routers, firewalls and even servers, without people noticing. That is a reason why no one can give current usage statistics for BSD, because no one is forced to say he is using BSD at all, or in which number." Drawing conclusions from statistical date without proper knowledge on the subject is Bad Practice..

Make headway at work. Continue to let things deteriorate at home.