[ previous ] [ next ] [ threads ]
 From:  "Sancho2k.net Lists" <lists at sancho2k dot net>
 To:  Frederick Page <fpage at thebetteros dot oche dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenBSD Packet Filter in m0n0wall?
 Date:  Tue, 29 Mar 2005 22:42:55 -0700
Frederick Page wrote:

> That's why I am asking. I cannot know the reasons for the current
> platform, there might very well be killer-arguments against a change
> to another BSD.
> There are other BSD branches out there, they are related but more or
> less different. About anything running on FBSD can be compiled on OBSD
> and vice versa. Except a leap to OBSD would really be huge, as ipfw
> and ipfilter will not work there (only pf). Since pf already found
> it's way into FBSD now, this change to pf will (IMHO) only be a matter
> of time.

I'd like to see a project of the same kind as m0n0wall spring up on
OpenBSD. pf is featureful, secure, slim, and unencumbered. pfsync and
CARP are no-brainers for a high-availability firewall cluster. OpenNTPD
is featureless but keeps reliable time and is tiny and easy to maintain
and configure. The project has even produced a native userland bgpd and
soon ospfd (IIRC).

It seems to me that OpenBSD is just screaming for someone to pick up the
initiative and produce a nice embedded systems project a la m0n0wall.
It's small, secure, and no-nonsense.

Granted, these applications have been designed to be portable and will
all be available in FreeBSD, but there is something to be said for
running on the native platform at times.