April 30, 2014

35: Puffy Firewall

1 hour 19 minutes

We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases. We'll also be talking to Peter Hansteen about the new edition of "The Book of PF." Of course, we've got news and answers to your emails too, on BSD Now - the place to B.. SD.

This episode was brought to you by

Headlines

ALTQ removed from PF

Kicking off our big PF episode...

The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current

There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf

As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping

After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem

This doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately.

***

FreeBSD Quarterly Status Report

The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks

Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added

We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team

LOTS of details and LOTS of topics to cover, give it a read

***

OpenBSD's OpenSSL rewrite continues with m2k14

A mini OpenBSD hackathon begins in Morocco, Africa

You can follow the changes in the -current CVS log, but a lot of work is mainly going towards the OpenSSL cleaning

We've got two trip reports so far, hopefully we'll have some more to show you in a future episode

You can see some of the more interesting quotes from the tear-down or see everything

Apparently they are going to call the fork "LibreSSL" ....

What were the OpenSSL developers thinking? The RSA private key was used to seed the entropy!

We also got some mainstream news coverage and another post from Ted about the history of the fork

Definitely consider donating to the OpenBSD foundation, this fork will benefit all the other BSDs too

***

NetBSD 6.1.4 and 6.0.5 released

New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes

The main update is - of course - the heartbleed vulnerability

Also includes fixes for other security issues and even a kernel panic... on Atari

Patch your Ataris right now, this is serious business

***

Interview - Peter Hansteen - [email protected] / @pitrh

The Book of PF: 3rd edition

Tutorial

BSD Firewalls: PF

News Roundup

New Xorg now the default in FreeBSD

For quite a while now, FreeBSD has had two versions of X11 in ports

The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf

They've finally made the switch for 10-STABLE and 9-STABLE

Check this wiki page for more info

***

GSoC-accepted BSD projects

The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned

OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon

The FreeBSD list was also posted

Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more

Good luck to all the students participating, hopefully they become full time BSD users

***

Complexity of FreeBSD VFS using ZFS as an example

HybridCluster posted the second part of their VFS and ZFS series

This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy

Of course, also watch episode 24 for our interview with HybridCluster - they do really interesting stuff

***

PCBSD weekly digest

Preload has been ported over, it's a daemon that prefetches applications

PCBSD is developing their own desktop environment, Lumina (there's also an FAQ)

It's still in active development, but you can try it out by installing from ports

We'll be showing a live demo of it in a few weeks (when development settles down a bit)

Some kid in Australia subjects his poor mother to being on camera while she tries out PCBSD and gives her impressions of it

***

...more

View all episodes

By JT Pennington

4.8

9191 ratings