BSD Operating Systems

OpenBSD's PF Developers Interview 110

An anonymous reader writes "ONLamp.com has published a very long interview with 6 of OpenBSD's PF developers: Cedric Berger (cedric@), Can Erkin Acar (canacar@), Daniel Hartmeier (dhartmei@), Henning Brauer (henning@), Mike Frantzen (frantzen@) and Ryan McBride (mcbride@). Start reading from the first half and continue with the second part."
This discussion has been archived. No new comments can be posted.

  • by grub ( 11606 ) <slashdot@grub.net> on Saturday May 08, 2004 @01:18PM (#9094286) Homepage Journal

    pf.conf is cryptic? The manpage and demo files in /usr/share/pf are pretty handy. If you want cryptic shit, try using a Cisco PIX. I maintain 4 of them at work and they suck donkey-wang compared to PF & carp.
  • by Anonymous Coward on Saturday May 08, 2004 @01:35PM (#9094354)
    Could you at least try [google.com] finding it out yourself?
    PF is the Packet Filter in OpenBSD, kind of similar to iptables/ipchains in Linux.
  • Re:OpenBSD problems (Score:4, Informative)

    by mritunjai ( 518932 ) on Saturday May 08, 2004 @04:16PM (#9095310) Homepage
    Oh, you can fork OpenBSD to your liking; the only restriction is that you can't call your fork 'OpenBSD'... name it burnsBSD or whatever and you should be fine ;-)
  • by Homology ( 639438 ) on Saturday May 08, 2004 @06:10PM (#9096022)
    I would really like to see a comparison between all of these packet filters with strengths and weaknesses and maybe an example of the filter scripts used for a few common scenarios.

    For an example of setting up a firewall for home or small office [openbsd.org], have a look at the excellent PF User Guide [openbsd.org].

    Tired of sucky download performance when you max your upload on your ADSL connection? Well, PF solves that with packet queueing and prioritization [openbsd.org].

  • by FlightTest ( 90079 ) on Saturday May 08, 2004 @08:08PM (#9096685) Homepage

    pf has been available in ports [freshports.org] for quite a while. Although it only works on the 5.x branch, I'm running it as my firewall on an old 166MHz Pentium.

    Personally, I find FreeBSD easier to deal with, but that's just me.

  • AuthPF is neat too (Score:5, Informative)

    by myov ( 177946 ) on Saturday May 08, 2004 @08:48PM (#9096848)
    authpf allows you to authenticate remote users, and change the firewall rules. And it's all done by ssh'ing in with authpf as the user's shell.

    Useful if you want to hide services from the outside world (except for selected users), but you don't want the complexity of ssh tunnels/vpn. (ie: I want to give some people access to my ftp server but hide it from the rest of the world, and not give them vpn access to the whole network)
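
A minimal authpf setup of the kind described in the comment above, added here as an illustration and not taken from the thread or from the OpenBSD project. The interface name, the addresses and the choice of the FTP control port are assumptions.

```conf
# ---- /etc/pf.conf (fragment) ------------------------------------
ext_if = "em0"              # assumption: external interface name

# Default: nothing is reachable from outside, so the service stays hidden.
block in on $ext_if all

# sshd must be reachable, because logging in over ssh is how users
# authenticate to authpf.
pass in on $ext_if proto tcp to ($ext_if) port 22 keep state

# authpf attaches each logged-in user's rules below this anchor.
# Without this line the per-user rules are loaded but never evaluated.
anchor "authpf/*"

# ---- /etc/authpf/authpf.conf ------------------------------------
# Must exist (it may be empty); authpf refuses to run without it.

# ---- /etc/authpf/authpf.rules -----------------------------------
# Loaded when a user whose login shell is /usr/sbin/authpf opens an
# ssh session, and removed again when that session ends.
# Macros from pf.conf are not visible here, so they are redefined.
ext_if     = "em0"          # assumption, must match pf.conf
ftp_server = "192.0.2.10"   # constructed address (documentation range)

# $user_ip is supplied by authpf: the address the ssh session came from.
# Only that address is let through to the FTP control port. Writing
# "from any" here would open the service to everyone for as long as
# any one user stays logged in.
pass in quick on $ext_if proto tcp from $user_ip to $ftp_server port 21 keep state
```

The rules cover the FTP control connection only; data connections need separate handling (for example ftp-proxy), which is not shown.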
  • by ^BR ( 37824 ) on Sunday May 09, 2004 @10:20AM (#9099653)

    Spreading technology, not ideology...

    Each time some BSD code is incorporated in a proprietary product the world is likely a better place, you don't want everyone and his dog coding an IP stack, if it was the case it would not be some unpatched Windows boxes that would be used as attack launch points, they would be everything from your fridge to your car...

    BTW the license does not discourage anything, it just does not make it mandatory. Common sense makes contributing back a good thing, as maintaining a fork is likely more expensive than contributing back your valuable intellectual property would cost you.

  • by trons ( 531753 ) on Sunday May 09, 2004 @03:34PM (#9101439)
    Don't you people understand... It is not possible for Netcraft to gather any statistical data on how many BSD machines are being used, simply because no one is *forced* to make their machine identify as a BSD machine! Quote from : "There are some, even large, companies that use BSD as routers, firewalls and even servers, without people noticing. That is a reason why no one can give current usage statistics for BSD, because no one is forced to say he is using BSD at all, or in which number." http://mirbsd.bsdadvocacy.org/?bsd-intro Drawing conclusions from statistical data without proper knowledge on the subject is Bad Practice.
