OpenBSD's PF packet filter has grown in power and appeal since its introduction in OpenBSD 3.0. With the imminent release of OpenBSD 3.5, Federico Biancuzzi interviewed several leading OpenBSD developers for their thoughts on PF and new features.

The latest version is out, and they have out done themselves once again. Have a look at the release page at the latest and greatest security enhancements, leaving se linux in the proverbial dust once again.

This site is for OpenBSD users and people interested in learning and using OpenBSD.

Note that I've written most of this document from memory. It appears to be

correct; if I've missed something or if you have any questions or comments,

feel free to

href="mailto:rjmooney@aboveground.cx">drop me a note

Described Network

Here's my network setup:

An esoteric buffer overflow bug in OpenBSD has been upgraded in importance after it was discovered that, in certain conditions, it could allow a cracker to gain remote access to a server.

The new release provides significant improvements, including new features, in nearly all areas of the system.

Support for OpenBSD (within PHP in particular) has in the past been sketchy, but things appear to be improving now. PHP3 and MySQL are both in the ports tree distributed with OpenBSD 2.7, making installation and configuration a relatively simple process.

There was a reaction to the announcements by the OpenBSD developer team about the exploits that surprised me. The reaction was to imply that the developers had been hiding the truth about the exploits so as to not tarnish the reputation of OpenBSD.

For most open source projects, news of an overlooked security hole is simply part of the debugging process. But for the developers of OpenBSD, an operating system whose design motto is "secure by default," it's nothing short of an affront.

OpenBSD 2.7 now ships with complete IPv6 support. In real world terms, this means you could feasibly operate a purely IPv6 network of OpenBSD machines, or have them participate in an IPv6 internetwork.