OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
Changes in IPFilter license to affect OpenBSD?
Contributed by Dengue on Sun May 27 15:23:00 2001 (GMT)
from the waffle dept.

tom writes : "It seems that the BSD community will have to face, presently and in the future, some copyright problems. In fact, the IPFilter code is copyrighted by Darren Reed who recently added the following to his license : "...Yes, this means that derivative or modified works are not permitted without the author's prior consent. " This little add radically changes the status of the software which can not be considered as open source anymore. Shall this modification influence the future of the OpenBSD project, who actually uses a modified version of IPFilter? source : "


<< OpenSSH 2.9 Released | Reply | Flattened | Expanded | fts patch released for OpenBSD >>

Threshold: Help

Related Links
more by Dengue

  *sigh* (mod 7/139)
by methodic ( on Sun May 27 16:10:00 2001 (GMT)
  Oh well, looks like we're just gonna have to start an OpenIPF project. :)
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  You're all speaking out of your arses. (mod 8/132)
by Darren Reed on Sun May 27 17:06:00 2001 (GMT)
  There's been *one* person out of many who has
made an informed comment about this issue.
Strangely it was not Theo or any of the
illustrious leaders of any project.

Unfortunately for most of you, it was a private
comment and the person involved actually knew
real things about contract law, etc. I've asked
them to make the comment public but so far they
have not (they also pointed out that it was not
legal for OpenBSD+crypto to be shipped out of
Canada prior to BXA changes so long as the crypto
originated from the USA).

If Theo or anyone else actually knew something
then they'd have ignored this just as everyone
else should. Obviously everyone thought they
knew better when in fact they knew jack shit.
In short, it meant that whilst possible to make
such changes, they would be thrown out (if ever
an attempt was made to enforce them) by any half
decent court.

I won't bother to mention that this change has
only been present in a version that was made
available for testing purposes only and was not
an actual release. Given the amount of crap you
all decided to fling my way you'll find various
other changes, from time to time, in that LICENCE
file as it suits MY needs. Maybe if you all had
not of made such asses out of yourselves I'd not
bother but the way you all think you know it all
really bothers me. This applies to people from
NetBSD and FreeBSD as well as OpenBSD.

IPFilter IS NOT and HAS NEVER been a community
project unlike what some people claim. There have
been maybe a handful of people who have actually
made any sort of significant contribution via code
and even then it's more to help themselves as much
as it is IPFilter.

Other claims such as "you don't buy back our
changes" are also a load of horse shit as I can
confidently state that (for example) changes made
by Theo to how securelevel is used within IPFilter
were NEVER posted back to me so how he expected me
to BUY BACK those is left for you to work out. I
spend enough time making it work on other
platforms and have little time to go chasing what
other changes people make. Bad enough that I had
to seek out and incorporate some changes such as
the timeout changes in OpenBSD myself. Nobody
even bothered to tell me about those and that was
months ago.

To go with all this crap, Theo even made threats
about "I'll get the press onto you" and as a
result some leper from LWR sent me an email saying
he was doing an article on licencing this week.

Threats do not scare me and I'll navigate IPFilter
as I want to, not how some lamer in Canada thinks
I should or how any other jock anywhere else wants
me to. IPFilter is *MY* project and not anyone

As you may have guessed, the attitude people took
in their email to me has really got my goat and I
care a whole lot less about a whole lot of BSD
things as a result.

p.s. if the editor removes any of that then he's
just as much of an ass as the rest of you, except
if he deletes this "p.s".
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Licensing changes (mod -4/136)
by mirabilos on Sun May 27 17:33:00 2001 (GMT)
  IIRC the changes to the License affect only releases made thereafter. <br> So the current ipfilter remains, and there will be a code split between the "official" ipfilter and NetIPF, FreeIPF and OpenIPF. <br> This then will be licensed by the older terms. <br> But just my 0.02 EUR, I'm no lawyer...
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Fun Remarks (mod 10/130)
by proof (proof at ifconfig dot net) on Sun May 27 23:03:00 2001 (GMT)
  This is an interesting study in hot-headedness and quickness to flame, on all sides. Often times just because we misunderstand what others say or feel, we lash out. That's probably not an approprate response. Maybe taking a moment to see the other side would probably help.

I hope no relationships were severed over something this small. No one's life is at stake, right?


... me goes back to listening to "The Sounds of Science" by the Beastie Boys

  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  new new license (mod 3/129)
by ted ( on Mon May 28 02:53:00 2001 (GMT)
  the beta that's now up for download contains the following line:

* Redistribution is not permitted.

but the individual files don't. so maybe it's not ok to redistribute the whole package, but individual files can be. ipf.c contains:

* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.

  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  so disapointed (mod -6/136)
by COUDERC Damien on Mon May 28 07:59:00 2001 (GMT)
  I'm a user of OpenBSD since 2.3 (in fact first use was on 2.2, but the first install was 2.3 ;), and since this time i appreciated to use ipfilter.
IMHO ,this is the best packet filter we can find in the world ...

But now, i see that my favorite os project is in war with my favorite packet filter ... this is really annoying.

I think that ipf made *BSD better and that *BSD help to demonstrate that ipf was better.

But now if in the future ipf cannot be included in the default install, and if it is replaced by another filter of the same level, my choice will be quickly done.
I use OpenBSD for a lot of reasons, and one of them is that i can install this os in 10min, so i don't want to lost time in installing ipf as external package.

Now why launching a war against us if you have a problem with theo ? We all know that theo is hot-tempered, but is this a good argument to put fire BSD community under fire ?

Anyway, i hope that this is only short time misunderstanding ...

  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  This is always dangerous (mod -2/136)
by David Xu ( on Mon May 28 08:17:00 2001 (GMT)
  This is always dangerous that whole BSD community
rely their PACKETE FILTER on one person's toy
package --- IPFILTER. fortunatly, FreeBSD has
its IPFIREWALL, I don't use IPFILTER, so I don't
care if IPFILTER will be in *BSD.


  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  LWN, don't worry, and worry (mod 9/131)
by Intrepid| ( on Mon May 28 10:01:00 2001 (GMT)
  If you read the LWN article on this and Mr. Reed's "RIP" comment, there is actually an answer. According to the revised copyright law (made effective in 1998 I believe), after Mr. Reed passes away, whenever that may be, we just have to wait 70 years before his code goes into the public domain.

So, don't worry.

Joy. What a bloody mess.

Unfortunately, and I really mean that, Mr. Reed seems to have the legalities behind him on this. So whoever that private individual was whom he states contacted him via email to tell him this, well, they were right. Copyright law for non-visual works grants exclusive rights to the author the rights of distribution, reproduction (making copies), and derivations (modifications).

Note that by exclusive rights, I mean exclusive rights given to the author, which some may confused with the use of exclusive rights in copyright agreements, which are rights of copyrighted works wholly transferred to another--a different issue.

Anyways, more to the point. The IPFilter license does not specify the last right, the right to modify. And the author retains those rights which are not specified (the rights are exclusive and inclusive, meaning that the rights are retained unless stated otherwise).

Some of you out there may have noticed that Mr. Reed's IPFilter license did not include the frequently seen statement "All rights reserved" in his copyright notice. You may have interpreted this as a potential loophole. Under current law, you don't need that, so throw that theory out the door. He retains the right to modify, as he clarified.

So far, I've really been talking US copyright law. But notice, that unlike crypto laws, copyright laws seem to extend from the author and go country to country, taking the shortest route. iow, even if copyright law in one country may somehow allow modifications, even if those other-country-legal modifications came to the US, the author (Mr. Reed) can claim copyright violations on US soil for US participants of that other code.

Translation: This situation utterly sucks.

While I agree with Mr. Reed's copyright claim, that's all I agree with. I do not agree with the sentiments that have come out of his clarification from him, particularly on this forum. And, in my personal opinion, the community has been misled. While Mr. Reed is under no direct obligation to enlighten us (users, developers, or project leaders all) of our mistake, he certainly did know of this limitation in the license, and, most importantly, he knew that the majority of the community generally was not clear on it. Even if project leaders or developers knew, *most* people did not.

To (loudly? clearly? finally?) inform us on this late certainly doesn't make Mr. Reed a monster or what not, but to consider the whole picture, it also isn't exactly the actions of a person concerned with the community. Combine that with what this license clarification means...

What does this clarification mean? To me, it seems that that if Mr. Reed does not port the code or grants someone else permission to port the code to a particular OS and the default IPFilter code does not work on that OS (even down to the version and incremental OS updates), it violates his copyright if someone distributes code to make IPFilter work. Even if done as a patch (a derivative work is a derivative work, regardless of form--you can see more on this if you look at fan extended stories/works of TV series or movies).

It doesn't matter if Mr. Reed drops his code deliberately or not--if he passes away, if he's behind keeping up, it's still a violation. Worse, he can reassure us all day that he will continue to provide updated code to all the BSDs, and then, one day, stop doing so. If an incompatibility or security hole comes up that he does not correct or grants permission to someone to correct, we're screwed.

iow, it would appear that he controls features, code updates, security fixes, which OS it gets ported to, which version of IPFilter runs under what OS version, etc. He could, if under the current license, even play around and do favorites--maybe he decides he likes one OS better than another, so he'll update that one faster. Or feels the FreeBSD community is treating him a better, so he'll implement the latest and greatest for them first, with a large wait before seeing the changes implement in "competing" OSs.

Note that I'm not saying that these things will come to pass or that my paranoia is accurate, but we also have no concrete and definitive knowledge under the current IPFilter license that they will not.

Unless there is a change in the IPFilter license, I think an OpenIPF project may be warranted. If and until it does, in the meantime, I would urge people to politely ask Mr. Reed to change his license to save us both time and prevent a duplication of effort. IPFilter is excellent software. Just the license stinks.

P.S. Note that this is not a failing of a BSD license. IPFilter's license simply is not a BSD license--the BSD license, both the original and the one without the advertising clause, clearly grants the right to modify code.

P.S.S. Copyright extends to pseudonyms (actually, they are granted very slightly more rights than individuals) and to all posted works, even if without a copyright notice given. Funny, eh? :/

  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  I would really like to hear from the OpenBSD proje (mod -1/123)
by Paulo Laureano ( on Mon May 28 12:37:00 2001 (GMT)
  I like IPF.

However I will go with whatever package OpenBSD adopts. I trust the OS package more than the ports (for obvious reasons) and the only way I would use a port (if at all available) would be for the lack of another option.

I feel sorry for all this mess...
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 7/129)
by Roland Goetz ( on Mon May 28 14:22:00 2001 (GMT)
  Mr. Reed, I like your really fine product like the whole community, which did rely on your work. But I think you must change your license at least to GPL. Also you will see if we want to use your IPFilter in the future it have to have the possibility to be modified. It's a great pity if there will started another project. Excuse my english I am a German.
Sincerely yours
Roland Goetz
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  One last comment. (mod 3/133)
by Darren Reed on Mon May 28 15:06:00 2001 (GMT)

You will all be pigleet!
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Sigh, back to work? (mod 0/138)
by Ron J. Foster ( on Mon May 28 18:51:00 2001 (GMT)
  Well guys and gals, we have successfully managed to dig ourselves in to a hole. IPF is great software, and there is really no need to start our own OpenIPF. I don't think I'm just taking for myself here, but we don't have the time to start this project, there are too many other things that have to be done. Criticizing Darren Reed will just make this harder on all of us. We still don't have low level encrypted disk support, wouldn't that me more time efficient then OpenIPF, or what about all these new patches to the OpenBSD kernel that have been released lately ( to mention one), at some stage we should integrate them into the mainstream kernel. I can list many more tasks if anyone thinks we have time.

Darren Reed: It's advisable for both our parties to come to an agreement shortly about this licensing dilemma. At this point we have two options, a license that we can use or creating our own project. I can't stress enough how the latter is a bad choice, but we'll do what we have to do; I hope you understand.

All the rude posters: Are you actually coding software, are you going to contribute to the OpenIPF effort, because if your not going to I suggest for everyone's benefit you don't give the hard working developers MORE work to do. This isn't about politics, or about who is right, or who is the bigger man, it's about being about to run a fully free and modifiable operating system at work or at home. We could have possibly dogged this bullet by being nice to Darren from that start, he may had changed the license right away for us.

Darren, I apologize for everyone that has been giving you slack recently about this situation. Your IPF is necessary one way or another to the OpenBSD effort, you have done a wonderful job coding and designing (people often forget this time consuming part), and we as a whole would like to start over with you. Please consider modifying your license asap so we can all go back to getting our work done. There are already to few hours in the day.

  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Things must be clarified (mod 3/133)
by tom ( on Mon May 28 19:35:00 2001 (GMT)
  I'm the one who posted the little note about IPF licensing, and I do really regret that post. Some people are so straight minded... shame on you, folks who flame so easily and don't even write a single line of code...

Darren I do really apologies for all the mess here... I did not intend to start such a war, really.

Btw you have to admit that changing your license in such a way is not acceptable for those people who write code and whose project depends, for a great part, on your IPFilter. Your license is not applicable to free software projects, I'm sure you do agree.

Now the big question is : do you want, or not, your piece of software (a great piece, indeed) to take part of free software projects? I hope you do. Things must be clarified.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Theo is an asshole, film at 11 (mod 2/130)
by Lamont Granquist ( on Tue May 29 07:23:00 2001 (GMT)
  Darren, I hope you can take a really big deep breath and let all this shit roll off of you. For what its worth, not only do I realize that legality is on your side, but I can understand why you licensed IPF the way that you did -- and support that you've got every right to do so.

If Theo was actually an adult he'd accept your licensing restrictions and then make a choice about weither or not to include your code in the OpenBSD project.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Simple choices (mod 1/141)
by Anonymous Coward on Tue May 29 20:55:00 2001 (GMT)
  With Darren's interpretation of the license a fork of IPF is not legal.

This leaves the following choices.

1. Start a new project or find another one.
2. Accept Darren's interpretation and work with him to allow its inclusion in OpenBSD
3. Work with lawyers to find a legal loophole that would make a fork legal.

I believe that it is quite clear that Darren perceives the license as one similar to how Microsoft allows some of its customers to view its source without conveying additional

Unfortunately the failed expectations of many have lead to many heated discussions.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Well, it's official (mod 1/131)
by Blah (blah@[]) on Wed May 30 03:39:00 2001 (GMT)
  Date: Tue, 29 May 2001 19:13:11 -0600
From: Theo de Raadt
Subject: ipf
Precedence: bulk

sometime in the next 20 hours, i will be removing ipf from the source
tree since it does not meet our freedom requirements, as have been
outlined in policy.html and goals.html since the start of our project.

we will have to work on an alternative.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  final point about patches (mod 3/141)
by ted on Wed May 30 05:45:00 2001 (GMT)
  i realized this while discussing patches and licenses in an above thread. but i think it's pretty important.

darren's license doesn't let you modify the software. that means you can't add a feature or fix a bug. so you can't submit patches to darren. all of the code in ipf that was submitted by contributors is illegal. they modified ipf - they broke the license. they distributed a modification - they broke the license again.

if you are going to literally read exactly what the license says, that's what it means.

darren, maybe you're still reading. hopefully you realize that all the submitted code is now illegal, by your definition. so are you going to remove it? (i think that'd be pretty stupid, but that's what your interpretation of the license would require.)
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 10/136)
by BluNereid on Wed May 30 06:58:00 2001 (GMT)
  Some Whois results for

600 N. Chowning Avenue
Apt. W110
Edmond, OK 73034-5110

Domain Name: OPENIPF.ORG

Administrative Contact:
Fries, Todd
600 N. Chowning Avenue
Apt. W110
Edmond, OK 73034-5110

Technical Contact:
PO box 2031
ann arbor, mi 48106-2031
734 623 0456

Billing Contact:
Fries, Todd
600 N. Chowning Avenue
Apt. W110
Edmond, OK 73034-5110

Record last updated on 29-May-2001.
Record expires on 25-May-2002.
Record Created on 25-May-2001.

Domain servers in listed order:
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  A resolution suggestion for the ipf license disput (mod 3/131)
by Raymond Causton (rc at on Wed May 30 11:55:00 2001 (GMT)
mailto:rc at

First of all I'd like to extend my gratitude to you for creating my favourite firewall/filtering package for OpenBSD. Expecially I like the syntax of ipf's rules as they are the only human readable ruleset language I've found uptodate.

How I perceive this entire mess of flaming each other about the license is very childish and doesn't do any good to any party in this discussion.

I acknowledge that you have all the rights in the world to distribute your code and binaries just as you wish with the license that you wish to use.

All I'm worried about is that if (as) your license change has prompted ill actions from all *BSD projects we in the user community will be left without uptodate protection from the threats coming from the Internet.

It seems that the main concern of different *BSD projects is that they are not able to apply fixes in to their operating system as they are found because of the modification restriction in the license. It seems that this translates to the fear of what if you will not have time/interest to support operating system Y in the future and they are restricted from helping themselfs to fix possible problems because of the modification restriction.

My suggestion would be to start negotiations with the *BSD projects to settle this dispute between you and the different projects by granting such licenses to the different Open/Free/NetBSD projects that ipf may be used and modified by the projects when used in their respective *BSD operating systems. This way you retain control over the general use and modification of ipf and most likely this would give enough leeway to the different *BSD projects aswell.

I hope you read this before this dispute goes too far to be settled peacefully.

Yours Sincerely, Raymond Causton ITSec Professional

  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  IPFilter booting problems (mod 4/132)
by Anonymous Coward on Wed May 30 15:26:00 2001 (GMT)
  Somewhere along this thread Darren said:
All that matters to me is IPFilter

Good, now go install and boot IPFilter.


  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  What really happened here? (mod -1/127)
by Jason Consorti (nunya) on Wed May 30 15:42:00 2001 (GMT)
  Here is my theory, I have no evidence to back this up but tell me if I sound off the mark:

From what I can gather from Darren's postings here and the ipfilter mailing list, it seems that for the history of the project, Darren was himself under the impression that his license allowed use AND modification with trivial restrictions. Then, after some kind a of disagreement with Wasabi and/or OpenBSD, he got angry and wanted to find out what he can do about his project being used by other projects. After talking to a lawyer, he discovered that his license never explicitly said anything about "modify" and he decided to play that card against Wasabi and/or OpenBSD.

Read the following (in no particular order):

Don't take this as an opinion of anything that has happened; I don't know enough to form one.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

by Buck Pyland (buck@bfg9000.localdomain) on Wed May 30 16:46:00 2001 (GMT)
  It seems that everybody involved in this issue are being dicks. Everybody knows Theo's a dick. Darren Reed, through his postings and comments, is just as much a dick as Theo. Get over yourself, mate. Yeah, you wrote some great software that people seem to like using, but so did Theo. Quite frankly, your shit stinks like everyone elses.

Summary for the mentally retarded in this issue:
1) Theo & co. should have seen this coming before including ipf in OpenBSD.
2) Darren should have made his license totally clear and unambiguous from the start.
3) Both the aforementioned persons have severe personality problems, but nothing that Prozac and a .38 caliber bullet to the head wouldn't cure.
4) Everyone else should just relax.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Get over it (mod 3/129)
by RoadKiLL on Mon Jun 4 20:30:00 2001 (GMT)
  Its his code and if he want's to be a weenie, so be it. Many of us have contributed code without so much as a thankyou mam. 10's of thousands of GPL and BSD licenced projects and packages attest to this fact. Those of us who did contribute have felt satisfied with the knowledge that we were able to give back something in return for all that we had received. One piss ant project won't even rate a blip on the radar and now that he has decided to react so violently to concerns raised about the inclusion of his work in the BSD disto's only highlights the need to eradicated it entirely.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Changes in IPFilter license to affect OpenBSD? (mod 4/110)
by Anonymous Coward ( on Mon Jan 18 07:57:29 2016 (GMT)
  Qui viendra de l'hiver Slyde machines de série du moteur Slyde regarder beaucoup de gens vont continuer la révolution toutes les montres de sport de moteur de série automne et d'hiver replique montre
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Changes in IPFilter license to affect OpenBSD? (mod -1/47)
by mxffiles ( on Tue Feb 7 07:57:45 2017 (GMT)
  This is a very good post which I really enjoy reading. It is not every day that I have the possibility to see something like this. Software mxf Software mxf converter free download to convert HD camcorder files. ts converter convert ts video files to avi, mp4, wmv, mov mts to avi mp4 mov mkv iMovie, FCP/FCE with mts converter, so to convert mts files for your PC and mobiles. mod converter and convert tod files just free download mod video converter. m2ts
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]