72: Common *Sense Approach
This week on the show, we'll be talking to Jos Schellevis about OPNsense, a new firewall project that was forked from pfSense. We'll learn some of the backstory and see what they've got planned for the future. We've also got all this week's news and answers to all your emails, on BSD Now - the place to B.. SD.
Headlines
- We've covered how to build a BSD-based gateway that tunnels all your traffic through a VPN in the past - but what if you don't trust any VPN company?
- It's easy for anyone to say "of course we don't run a modified version of OpenVPN that logs all your traffic... what are you talking about?"
- The VPN provider might also be slow to apply security patches, putting you and the rest of the users at risk
- With this guide, you'll be able to cut out the middleman and create your own VPN, using OpenBSD
- It covers topics such as protecting your server, securing DNS lookups, configuring the firewall properly, general security practices and of course actually setting up the VPN
***
- People coming over from Linux will sometimes compare FreeBSD to Gentoo, mostly because Gentoo's portage system for installing software works a lot like FreeBSD's ports
- This article takes that notion and goes much more in-depth, with lots more comparisons between the two systems
- The author mentions that the installers are very different, ports and portage have many subtle differences and a few other things
- If you're a curious Gentoo user considering FreeBSD, this might be a good article to check out to learn a bit more
***
- W^X, "Write XOR Execute," is a security feature of OpenBSD with a rather strange-looking name
- It's meant to be an exploit mitigation technique, disallowing pages in the address space of a process to be both writable and executable at the same time
- This helps blunt some types of buffer overflow exploits: code injected into a writable buffer won't execute, and the program will crash instead (quite obviously the lesser of the two evils)
- Through some recent work, OpenBSD's kernel now has no part of the address space without this feature - whereas it was only enabled in the userland previously
- Doing this incorrectly in the kernel could lead to far worse consequences, and is a lot harder to debug, so this is a pretty huge accomplishment that's been in the works for a while
- More technical details can be found in some recent CVS commits
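A small userland probe, added here as an example and not code from the show or from OpenBSD, that checks whether the running kernel refuses a mapping which is writable and executable at the same time, and shows the W^X-compliant sequence (fill the page while it is RW, then flip it to RX) that legitimate run-time code generators have to follow. Nothing is executed from the page; it only holds constructed zero filler.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Ask the kernel for a page that is readable, writable and executable at once.
 * Under W^X (OpenBSD, unless the binary is marked wxneeded and sits on a
 * wxallowed filesystem) this is refused with ENOTSUP; most Linux kernels
 * grant it. Returns 1 if refused, 0 if granted, -1 on an unrelated error. */
int wx_blocks_rwx_mapping(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return (errno == ENOTSUP || errno == EPERM || errno == EACCES) ? 1 : -1;
    munmap(p, len);
    return 0;
}

/* The sequence W^X allows: write while the page is RW only, then drop write
 * permission and gain execute permission with mprotect(). The page is never
 * both W and X, so this works on OpenBSD too. Returns 1 if both steps succeed. */
int wx_compliant_sequence_works(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    memset(p, 0, len);                               /* constructed filler, never run */
    int ok = mprotect(p, len, PROT_READ | PROT_EXEC) == 0;
    munmap(p, len);
    return ok;
}

int main(void)
{
    printf("RWX mapping refused by kernel: %d\n", wx_blocks_rwx_mapping());
    printf("RW -> RX transition allowed:   %d\n", wx_compliant_sequence_works());
    return 0;
}
```

Run it on an OpenBSD box and on a Linux box to see the first line differ; the second line is 1 on both, which is why W^X costs well-behaved programs nothing.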
***