HowTo: Use OpenBSD In the Corporate Environment

Posted in Categories OpenBSD; last updated April 20, 2011

OpenBSD has a reputation for high security and for being a difficult operating system for new users. However, some organisations are using OpenBSD for everything, including firewalls, servers and desktop computers. This is quite impressive; from the article:

So our paid job is hacking on and deploying, maintaining, supporting… OpenBSD installations. We are also required to hack on things that can be merged back into OpenBSD itself and when it’s not possible, then we change what we did so that it can be. Of course some developments are very specific to what we do and have no place in the project’s CVS tree.

So, amongst other services, we set up and maintain several 100% OpenBSD-based infrastructures (going from the entry site firewall to the secretary’s workstation) and this is what I’m going to talk about here.

As a side note, it is important to know that we are working exclusively for Fortune 500 companies (each operating in totally different and unrelated sectors).

Read more: A Puffy in the corporate aquarium.

Firewall Builder: Convert Linux Iptables Configuration to OpenBSD and PF

Posted in Categories Iptables, Linux, OpenBSD, Security; last updated March 25, 2009

Let's see how much effort it is going to take to convert this configuration to an entirely different firewall platform – PF on OpenBSD. There are different ways to do this. I could make a copy of each member firewall (linux-test-1 and linux-test-2), set platform and host OS in the copy to PF and OpenBSD and then create a new cluster object. This would be a sensible way because it preserves old objects, which helps to roll back in case something does not work out. However, to make the explanation shorter, I am going to make the changes in place by modifying existing objects.

OpenBSD foundation announced

Posted in Categories OpenBSD, UNIX; last updated July 26, 2007

Good news from the OpenBSD project. The OpenBSD Foundation is pleased to announce today it has completed its organization as a Canadian federal non-profit corporation and is ready for public interaction.

The OpenBSD Foundation is a Canadian not-for-profit corporation which exists to support OpenBSD and related projects such as OpenSSH, OpenBGPD, OpenNTPD, and OpenCVS. While the foundation works in close cooperation with the developers of these wonderful free software projects, it is a separate entity.

However, this may put a few people off:

We are not a registered charity, in the sense that we do not issue tax deductible receipts. The reporting overhead (accounting and legal costs) to operate a registered charity in Canada is prohibitive without a sizable revenue stream. Currently, this would divert a great deal of resources that could be better utilized in helping build good free software. We do issue receipts (not tax deductible) for all donations.

Nevertheless, it is a good move in the right direction.

=> The OpenBSD Foundation

Howto monitor OpenBSD PF firewall for performance

Posted in Categories Monitoring, OpenBSD, Security, UNIX; last updated July 3, 2007

Packet Filter (PF) is OpenBSD's system for filtering TCP/IP traffic and performing NAT. I always like the simplicity offered by the PF firewall. There is a new article that explains PF performance monitoring:

The PF (packet filter) firewall package was introduced in OpenBSD 3.0, and has since been ported to the FreeBSD and NetBSD Operating Systems. PF contains a stateful packet inspection engine, the ability to replicate state information to a backup firewall, a flexible self optimizing rule engine, QOS support, and the ability to collect performance metrics. These metrics can be useful for gauging the performance of a firewall platform, and provide a way to trend firewall performance over time. This article will describe several utilities that can be used to monitor the health and performance of a PF firewall.

On a related note you may find our FreeBSD firewall startup guide quite useful.

Monitoring PF firewalls for health and performance [prefetch.net]

How To Monitor Linux / BSD System Over Time Without Scrolling Output Using watch Command

Posted in Categories Linux, UNIX; last updated June 25, 2017

You can use the watch command to execute a program or shell script periodically and display its output on screen repeatedly. That allows you to see how the program's output changes over time. By default, the program runs every 2 seconds. This is useful for monitoring memory utilization, RAID rebuild progress or disk space usage over time without having to look at scrolling output.