OpenBSD Journal

The Open Road: OpenBSD's Packet Filter

Contributed by jose on from the kickin-ass-and-showing-who's-who dept.

A. Farber writes: "Enjoy a two-part article on the pf, spamd and altq by Joe "Zonker" Brockmeier on unixreview.com: OpenBSD's Packet Filter and Return of Packet Filter ."

The articles are a bit quick in their pace, but overall the exposure of PF to large masses of UNIX users is a Good Thing™. This should help convince people to install OpenBSD and use it to provide low cost, high quality network filters and appliances.

(Comments are closed)


Comments
  1. By Mark () on

    Years ago, while at college, I remember a course on operating systems : it was essentially theoretical, without any example taken from recent source code. I think OpenBSD would get a wider exposure to more Unix users if it served as the basis of OS classes (like in a previous article mentioning some teacher in Canada or wherever).

    As for Zonker's articles, it would be more accurate to say that many new users are often surprised that after installing OpenBSD, all they have is a bare system, almost a skeleton. Then comes the question : how do they put meat on it ? I know the answer is RTFM but for people like young cousin Vinnie (a fake name), an OS installed with no GUI is quite a frightening sight.

    Last thought, is it really a good thing to kind of relegate OpenBSD to the niche of low cost, high quality network filters and appliances ? After all, many people use it as their main desktop OS.

    Comments
    1. By Anonymous Coward () on

      no GUI ? try 'startx'

      Comments
      1. By SFN () on

        "try 'startx'"

        On a bare system?

        Comments
        1. By Anonymous Coward () on

          Yes, a bare install of 3.3-sparc on an ss20. Log in, type startx, and you're greeted by a nice fvwm desktop. No need to configure X, because it's already done :p

      2. By Anonymous Coward () on

        actually for me the sequence is "xf86cfg" wait, select the mouse, click emulate 3 buttons, quit, save, and THEN "startx"

        Unfortunately, you then have a bare bones GUI..

        I love OBSD, and use it for hours each day managing our large network, but do I wish it were a little easier to get a web browser and other stuff going. Maybe we need a "set up workstation" script that did a:

        cd /usr/ports
        cd ; make ; make install
        cd ; make ; make install
        and on.

        and at the end, we have a workstation with
        a decent calculator(for example), browser, and MS Office compatible office automation suite.

        I dreaming, I know....

        Comments
        1. By SFN () on

          It's a great dream though.

          People are starting to buy into Linux in larger numbers. If they realized that OpenBSD was more solid, more secure, etc. AND was just as easy to set up as Linux, if not easier, AND had the same software available, tides could turn.

          Sure, one could play the whole "1337" card and say that it doesn't need to be easy but that's just foolish.

        2. By Anonymous Coward () on


          what the hell are you talking about? Apache is default. dumbass. Maybe we need a "get a clue" script.

          Comments
          1. By Anonymous Coward () on

            im a dumbass.
            it says "browser" - i read "server".

        3. By Fábio Olivé Leite () foleite@yahoo.com.br on mailto:foleite@yahoo.com.br

          OK, so how about "xf86cfg" and then "pkg_add kde*"? [warning: this is figurative speech, actual commands may vary]

          You'll end up with a _very_ complete, GUI and kitchen sink desktop OS.

          Just don't do that on the company's firewall. :-D

          Comments
          1. By Anonymous Coward () on

            KDE, yuck! fluxbox if anything :)

            Comments
            1. By Fábio Olivé Leite () foleite@yahoo.com.br on mailto:foleite@yahoo.com.br

              The guy sounded like he wanted the full blinkenlights, heheheh.

              Fluxbox is really nice, but since I went to a software company with mostly windows heads I noticed that KDE makes me not look _so_ odd.

              People still stare at the maximized Konsole or xterm and ask me why I like my desktop so dark. Then I usually fire up vim on some random source file and say "look at them colors!". :-)

        4. By Anonymous Coward () on

          xf86cfg -textmode
          gives you more beer etc

        5. By Anonymous Coward () on

          Who's stopping you from writing such a script that automagically installs packages and configures other stuff just the way you like it?
          You can't write one that's good for everyone, as everyone likes different apps. And installing everything is unnecessary bloat. If you want that, go and use linux ;-)

        6. By James A. Peltier () james@site-fx.net on http://www.site-fx.net

          You could just build your own port that states the dependancies in it for GNOME,OpenOffice,Evolution,Pan, gFTP,whatever you use.

          Than it just a simple make install and go away.

      3. By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/

        I'm currently writing a paper called "OpenBSD for girlfriends".

        My girlfriend doesn't know _anything_ about computer science and she doesn't want to.

        But she sometimes want to browse the internet, read/write email, fetch and view pics from the digital camera, write basic documents, print stuff and play freecell.

        It's why I decided to set up a hard disk for her, with OpenBSD and every basic stuff from a workstation preinstalled and configured.

        I will not always keep this OS and the installed apps up to date. I don't want her to be vulnerable to viruses, worms and other internet annoyances. It's why I chose OpenBSD.

        Until you get a fully functionnal workstation for a real novice a lot of steps have to be performed. Not just pkg_add kde*. For instance KDE is absolutely not ready to use the printer after that. It doesn't have any icon to click on in order to browse the inserted CDROM. [k]mplayer and Xmms are not optimally configured. KDM has to be installed in place of XDM so that she can easily turn the computer off. Java has to be configured in Konqueror. Nice-looking fonts have to be installed and configured. Kmail has to be configured. Etc.

        It's why I'm writing this little paper that explains step by step how to install a "girlfriend-ready" system from scratch. Maybe it can help a lot of people who don't consider OpenBSD on the desktop.

        Comments
        1. By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/

          The only real problem she has with OpenBSD is the lack of a Flash plugin. A lot of web sites are just inaccessible without Flash :(

          FreeBSD has a small wrapper to use the Linux plugin with FreeBSD browsers (at least Mozilla and Konqueror), it would be really nice if something similar did exist on OpenBSD.

          Yes, Flash is binary-only, proprietary, etc. But nowadays it's a bit mandatory to properly browse the we and opensource re-implementations are way behind the proprietary one :(

          Comments
          1. By Anonymous Coward () on

            if you want flash and sparkle *woo ahhh* *yay* *look at me i shine* go somewhere else. next!

            Comments
            1. By tedu () on

              he doesn't want to make it, he wants to look at it. or she does, anyway.

          2. By grey () the email the email the the the email. DELETED! on http://www.homestarrunner.com

            Ummm,

            I've seen with my own two eyes jsyn@ viewing homestarrunner.net (it's Dot Com) on OpenBSD. I believe just using the linux emulation cruft to get a linux plugin to work. I tend not to use X at all, so I've not tried myself - but you might want to reinvestigate that issue.

            Burninate!

          3. By tedu () on

            flash works fine in opera. though i think it's actually using the flash plugin that comes with the netscape port.

          4. By Anonymous Coward () on

            Konqueror + using Netscape plugin.
            Opera + using Netscape plugin.
            WINE / CrossOver + .exe (x86 only, deprecated).
            Mozilla, probably.

            I have never had these problems on any of my boxes, except that with Netscape 4.x things like java were unstable. I'm not running OpenBSD on my desktop but my guess is that this should work. After all, Netscape got ported to a *lot* of archs and OSes.

        2. By Anonymous Coward () on

          I like your style and look forward to your paper.

        3. By Anonymous Coward () on

          Looking forward to the paper.

  2. By systrace () bofh@nni.com on cowofb0rg.org

    "Last thought, is it really a good thing to kind of relegate OpenBSD to the niche of low cost, high quality network filters and appliances ? After all, many people use it as their main desktop OS."

    Yes alot of people do, but thats just not what openbsd is about IMO. If i wanted something more desktop oriented i'd use a more desktop oriented OS.

    Take linux for example, it tries to be a server OS, and a desktop OS..I'm not saying it does a horrible job, but the kernel is far from simple, and it added more bloat for desktop features.

    I think OpenBSD should keep doing what its doing, and concentrate on the features that it has always concentrated on. How does that saying go ? "Free, Functional, Secure".

    I would prefer if OpenBSD stayed the course of ultra secure, and also becoming more finely tuned for performance in a clean fashion. (No Magic Numbers!!:)

    just my 2c

    Comments
    1. By Anonymous Coward () on

      I like your 2 cents.

    2. By Anonymous Coward () on

      I completely agree!

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]