OT: Re: Create a canned 'Firewall Build' or RFHH
On Mon, 25 Feb 2002, Angus Scott-Fleming wrote:
> On 25 Feb 2002 at 16:33, John R. S. Mascio wrote:
>
> > I decided to go with OpenBSD because of its reputation for keeping
> > security in mind. So far, I've seen the OpenBSD community would rather
> > keep to themselves and require everyone to have to be an expert in
> > OpenBSD to use it, than share their knowledge to create tools for
> > those who know less but have just as strong a need for security. If
> > that is the case, I'll find a different place to solve this problem...
>
> There is no other official OpenBSD list that addresses this.
Why should there be? What people are talking about sounds to me a
lot like a product that is built ON OpenBSD. Removing daemons and
adding quotas and whatever else.
> This is the "misc" list, right? Where else should we discuss
> firewalls based on OpenBSD?
How about the obsdwall list that was set up for just this purpose?
General questions about pf or NAT are fine. Discussion about a
stripped down firewall-only box should go to the obsdwall list.
> Perhaps there needs to be a separate official (@openbsd.org)
> "Firewalls" list.
Why? There are other firewall lists. There's the obsdwall list.
> For now the obsdwall list is carrying the traffic, but I think
> this is a market niche that none of the other freenixen
> (FreeBSD, NetBSD, Linux) is addressing adequately. And given
> OpenBSD's audited code, why would *_anyone_* base a firewall
> on an unaudited codebase UNLESS it's easy to set up?
People use whatever they use because it's what they know, or it's
what they've been sold. So they can go ahead and use something
they've been told is easy. And hey, if they have simple requirements,
maybe it is easy. But what's always easy is doing it wrong.
> I get security advisories on freebsd-announce at least several
> times a month (they're up to 02:12 so far this year), and
> SecurityFocus and other security sites have Linux security
> issues quite frequently. While none of these may affect my
> firewall, I'd have to keep up with them nonetheless, which is
> why I, and John, and (based on the length of this thread and
> the fact that it spun off another list) think an easy-to-set-
> up, secure firewall package for OpenBSD is a Good Idea ....
Fine. So go do it. I'm not on the obsdwall list, so I don't know
what's been talked about there (and no, I'm not particularly
interested, or I'd be on the list). But here, all I've heard is
"OpenBSD should do <foo>" or "OpenBSD should include <bar>" and
NO ONE saying "here's what I've done, tell me what you think".
If you want to do the work, take it to the obsdwall list, and
discuss it with like-minded people.
+------------------------------------------------------------------------+
| Dave Taira <bodhi@hagakure.org> 2002.02.25/16:07:49 PST |
| Morlock for Hire |
+------------------------------------------------------------------------+
| "Thanks to the use of hallucinogenic drugs, I see through you." |
| --Bill Hicks |
+------------------------------------------------------------------------+