OpenBSD's PF Developers Interview 110
An anonymous reader writes "ONLamp.com has published a very long interview with 6 OpenBSD's PF developers: Cedric Berger (cedric@), Can Erkin Acar (canacar@), Daniel Hartmeier (dharmei@), Henning Brauer (henning@), Mike Frantzen (frantzen@) and Ryan McBride (mcbride@).
Start reading from the first half and continue with the second part."
Re:Did they ask them... (Score:5, Informative)
pf.conf is cryptic? The manpage and demo files in
Re:So the world wants to know... (Score:4, Informative)
PF is the Packet Filter in OpenBSD, kind of similar to iptables/ipchains in Linux.
Re:OpenBSD problems (Score:4, Informative)
Re:pf vs ipf vs ipfw vs iptables (Score:5, Informative)
For an example of setting up firewall for home or small office [openbsd.org], have a look at the execellent PF User Guide> [openbsd.org].
Tired of sucky download performance when you max your upload on your ADSL connection? Well, PF solves that with packet queueing and prioritization [openbsd.org].
pf also available for FreeBSD (Score:5, Informative)
pf has been available in ports [freshports.org] for quite a while. Although it only works on the 5.x branch, I'm running it as my firewall on an old 166mhz Pentium.
Personally, I find FreeBSD easier to deal with, but that's just me.
AuthPF is neat too (Score:5, Informative)
Useful if you want to hide services from the outside world (except for selected users), but you don't want the complexity of ssh tunnels/vpn. (ie: I want to give some people access to my ftp server but hide it from the rest of the world, and not give them vpn access to the whole network)
Dissemination is the goal (Score:5, Informative)
Spreading technology, not ideology...
Each time some BSD code is incorporated in a proprietary product the world is likely a better place, you don't want everyone and his dog coding an IP stack, if it was the case it would not be some unpatched windows boxes that would be used as attack launch points, the would be everything from your fridge to your car...
BTW the license does not discourage anything, it just does not make it mandatory. Common sense makes contributing back a good thing, as maintaining a fork is likely more expensive that contributing back your valuable intellectual property would cost you.
It's impossible to create reliable BSD statistics! (Score:5, Informative)