[PLUG] Minimal firewall hardware

Mark Martin mmartin at u.washington.edu
Fri Apr 25 17:02:02 UTC 2003


On Friday 25 April 2003 11:24, Paul Heinlein wrote:
> My understanding is that 3.3 is substantially different from 2.5,
> though other PLUG folks with better BSD chops might be able to provide
> a fuller discussion of the issue.

Theo de Raadt had a "falling out" with the author of IPFilter, which was 
completely independent of OpenBSD, regarding making modifications to the 
source code.  As I recall, the OpenBSD folks insisted on modifying the code 
in the course of their characteristic security audits and other development 
activities whereas the author of IPFilter wanted complete control over any 
modifications.  A flame war ensued, the end result of which was the removal 
of IPFilter from OpenBSD and the creation of a completely new firewalling 
package written for OpenBSD by the OpenBSD developers.  I believe that this 
occurred during the transition between 2.8 and 2.9 in the middle of 2001.  
So, you might expect substantial differences between the firewalling code in 
2.5 and 3.3, although I believe that the OpenBSD folks at least initially 
maintained compatibility with IPFilter to ease the transition for their 
users.

I built firewalls using OpenBSD 2.8 and 2.9 but haven't done so more recently.  
So I can't tell you how large the differences are without trolling through 
some documentation.

Food for enquiring minds. ;-)  Enjoy,

Mark
-- 
---------------------------------------------------------------------
Mark A. Martin, Ph.D.
Applied Mathematics -- Software Development -- Systems Administration
Currently available for employment.
See http://www.amath.washington.edu/~mmartin/resume/ for details.
---------------------------------------------------------------------





More information about the PLUG mailing list