OpenBSD Journal

Securing Small Networks with OpenBSD, part 6

Contributed by jose on from the pf-logging dept.

Jacek Artymiak writes :
" Securing Small Networks with OpenBSD, part 6, Archiving PF Firewall Logs is available on-line at O'Reilly Network. The whole series is now a separate column .

Also of interest is a little side-project, OpenBSD Administrator Toolbox , which will contain scripts and config files from the series, errata, as well as any additional scripts I write (pf curses-based config tool, I'm working on, and others). For now, there's only one script in that archive, the one from part 6, but others will follow soon (today or tomorrow).

Have fun!

Jacek Artymiak "

As always, this series is doing a great job of providing a lot of informational value. Also, note that another column this month, Big Scary Daemon: Installing OpenBSD 3.1 may be of interest to some people. The author of Big Scary Daemon normally runs FreeBSD, so it is interesting to read his perspective on OpenBSD.

(Comments are closed)

  1. By RC () on

    Why are OpenBSD discussions limited to the extent of firewalling? I think there are enough how-tos and tutorials that the subject has been beaten to death. Let's move on to another subject.

    Tired of Emacs v. VI? Tired of BSD v. Linux? How about this:

    Starting Services as Root, then Chroot'ing and droping permissions
    Starting Services as a non-Privlidged user

    You might say it's already been going. Check out the discussion so far:

    1. By Jacek Artymiak () on

      That's what most of the readers who bother to write to me want. I have a long list of requests, which I am using to choose topics for future installments of this series. Do not worry, pf is not going to be covered forever :-)

      Besides, the latest pieces are not limited solely to the subject of pf.

      Jacek Artymiak

    2. By Anonymous Coward () on

      I have some good sucess using as webserver and other services, It's just a common urban legend about obsd begin only good to firewalls.

      1. By Jacek Artymiak () on

        I'd say that's the result of their main goal -- security.

        I have plans for articles describing OpenBSD as a server platform, is anyone interested?

        Jacek Artymiak

        1. By emcis () on

          Please. I'd love to replace all my file/print/PDC servers with OpenBSD and get Windows out of my life, at least on the server end. Printingprint serving in OpenBSD in particular looks to be a thorny issue. At least Linux has CUPS to help simplify that.

          Personally, I've really enjoyed and learned a lot from the articles on PF. Thanks for making them available.

        2. By Anonymous Coward () on

          Yes, very. HowTo's are common enough but clearly written ones are less so. I find it very helpful to read working examples, they add clarity to what I get from the man pages. One I would like to see is a mail server, complete tips on how to set it up to avoid the common pitfalls which generally aren't made clear in man pages. If it included SSL support that would be even better. Maybe this stuff is already out there but I haven't found it. Links are welcomed.

          1. By Jacek Artymiak () on

            IPSec, SSL, and "server" stuff is coming soon, I promise.


  2. By Evan Read () on

    This guy has written Absolute BSD (FreeBSD) and I read somewhere he is also writing a book on OpenBSD.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]