Darren Reed's OpenBSD 3.0 with ipf

 

Kurt Seifried, [email protected]


 

It's not often a new BSD comes out. And unfortunately this is not one of those times. On January the 22nd, 2002, Darren Reed (the author of IPF, a popular packet filter) announced that he had released OpenBSD 3.0 with IPFilter 3.4.23.

binary files for OpenBSD/i386 3.0 with IPFilter 3.4.23 are available at
http://openbsd30.ipfilter.org

src .tgz's should be around soonish.

in the next few weeks, I'll build and upload iso's.

If you must do it from source, IPFilter 3.4.23 contains all the scripts
and patches you need to patch-up an openbsd 3.0 distribution.

 

Installation:

Installation is problematic. The files are available from only one location, a website, and are not mirrored anywhere. When you choose the "http" installation option, the only websites listed are the default OpenBSD 3.0 ones; the one with Darren Reed's OpenBSD 3.0 is not among them. If you enter the location manually, the installation program searches for the files and still fails to find them. To install Darren Reed's OpenBSD 3.0 you must manually download the files and copy them to an ftp server, http server, tape, cdrom or hard drive that will be accessible to the machine being installed.

Once you have copied the files you will need to choose your installation method. Do not forget to change the default paths and site Darren Reed lists in the installation program, or you will likely end up installing OpenBSD 3.0 by accident. Unfortunately Darren Reed's OpenBSD 3.0 is stripped down: only the base, etc, misc, comp, man, game and bsd packages are available. There are no X Window System packages, so when the installation asks whether you plan to use X you should change the default from yes to no.

 

Documentation:

Minimal distribution-specific documentation is available. All the documentation shipped with the product applies to a "stock" OpenBSD 3.0 from openbsd.org, including the email to root from Theo de Raadt, "man afterboot" and the pf man pages. There is limited documentation available for ipf: man pages for the ipf control binary are available, but there is no documentation at all on how to actually configure the firewall. In addition, /etc/ipf.conf is missing, while /etc/pf.conf is present (as is the man page for it). /etc/rc.conf contains an entry for "ipfilter" and one for pf; it is not clearly stated which applies, but from /etc/rc it is apparent that the "ipfilter" line is the one used. The good news is that there is documentation for ipf online that is quite good, and can be found with minimal effort. If you wish to submit a bug report you will have to email Darren Reed directly as the "sendbug" command is configured to

 

Updates:

Updating Darren Reed's OpenBSD 3.0 is critical, as it ships with a number of issues that have been fixed in stock OpenBSD 3.0. Unfortunately updates are only available through "normal" OpenBSD channels. However, if you are careful you can collect updates via CVS from the OpenBSD servers, then apply Darren Reed's patches and source code for ipf/etc, and with some simple modification to makefiles you should be able to update a system using Darren Reed's OpenBSD 3.0. Unfortunately no documentation on this procedure is available yet.

 

Support:

Support for Darren Reed's OpenBSD 3.0 is not yet available; indeed, there are no support contacts listed, no email addresses for reporting bugs or requesting features, and so on. The good news is that commercial support providers should be able to provide support for Darren Reed's OpenBSD 3.0.

 

Conclusion:

Darren Reed's OpenBSD 3.0 with ipf is not yet a usable product. It contains a variety of security problems and is difficult to update. It is obvious that a minimal amount of effort was made to launch this product: several configuration files still refer to pf, and pf binaries and documentation still ship with the product. This reviewer recommends that you stick with stock OpenBSD 3.0 and pf; the ruleset is largely compatible with ipf, and it is properly supported and maintained by the OpenBSD community.

 

Reference links:

Darren Reed's OpenBSD 3.0 with ipf - http://openbsd30.ipfilter.org

Darren Reed's original message - http://groups.google.com/groups?hl=en&selm=3c45befe%40clarion.carno.net.au

 

 

 



Last updated 1/22/2002

Copyright Kurt Seifried 2002