Contributed by jose on from the pf-web dept.
Some interesting features include:
- Automated installation process
- Network autodetection
- Web interface for all administrative functions
- Support for DNS and DHCP servers
(Comments are closed)
OpenBSD Journal
Contributed by jose on from the pf-web dept.
Some interesting features include:
(Comments are closed)
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By Anonymous Coward () on
It's nicely done though, and it features a full system, allowing the admin to 'grow' as he/she learns more about OpenBSD. Other projects are mostly stripped-down versions of the base OS, allowing for not much growth.
Comments
By Anonymous Coward () on
The only thing I didn't see was a report on NAT, showing who is being NATed currently or who has been NATed. You could easily run a nmap on your NATed interface to see who responds, and who is not listed in your hosts file, for example. There may be other ways, I haven't looked.
Good foundation, and don't let the brainless naysayers here disturb you. After all, code talks, and hot air walks.
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By cosmopolitan () on
By couderc () on
By Anonymous Coward () on
By Josh () selerius@codefusion.org on http://www.codefusion.org
How about not using the "anonymous coward" option next time, and let us know who you are. Its easy to point fingers and remain anonymous...
Until that time arrives, We will consider your comment moronic, on the basis that if you don't have the balls to let us know who you are, then you don't have ability/intellegence to backup such a comment.
So please enlighten us as to what you have contributed to OpenBSD that makes this person's hard work a "Waste of Time."
Comments
By Anonymous Coward () on
Comments
By couderc () on
Anonymous critics have no value, especially when they say that something is shit.
Now if you don't have any good arguments just shut up.
By RC () on
Ummm, cough.
By End User () on
i'll stick to the CL.
By Not Really Anonymous () on
Second, why is the project using a web interface? Yes, it's easier to develop, but I wouldn't trust my firewall with a web interface.
One more thing, is the password sent to the firewall encrypted in any way?
It's great to use OpenBSD because they make security a priority, but that won't stop someone from doing a simple sniff and undermining your entire network.
Comments
By Anonymous Coward () on
I would: Apache+SSL & .htaccess
Comments
By Not Really Anonymous () on
Then you have the average user setting up apache (w/.htaccess) and openssl, but still trying to group them into the simple pf interface category. To me (and I'm no guru) it's easier to configure the firewall with vi and I don't have to worry about securing a web interface.
There is also a lot of configuration involved to insure the web interface is secure and to miss one thing could compromise your entire network. They don't provide detailed information on how to insure the interface is secure.
The more layers you add, the level of risk increases.
I think if they focused on a secure simple interface, be it web or other, it would greatly help others become more secure. They would also need to provide detailed information on how to setup and configure the interface.
just my 5 euros.
By Matt Van Mater () on
good for you guys.
By Mark Heily () mheily@users.sourceforge.net on http://www.heily.com
First of all, about security: OpenSSL+basic authentication is used to secure the web interface. Passwords are encrypted.
Secondly, the web interface is reasonably secure and requires no user tweaking. The FAQ explains more about the security model used, but basically it has a custom 'sudo' that can only run a limited set of commands as root.
Lastly, I had a lot of fun writing this and I hope people find it useful for their home networks.