OpenBSD

OpenBSD material

Zero to IPSec in 4 minutes on OpenBSD

This short article looks at how to get a fully functional IPSec VPN up and running between two fresh OpenBSD installations in about four minutes flat.

Gigabit OpenBrick recommendations

Links to gigabit-capable OpenBricks, including the Lex Twister, the current OpenBrick recommendation for VLAN firewalls, and the gigabit version of the OpenBrick-E

Defending Your Network

UCCSC 2007 presentation

OpenBSD 4.0 Firewall

How to build and configure a firewall on OpenBSD for bridging or routing (i386 Architecture)

VLAN Routing Firewall Rules

Last updated 9/13/2007. A sample ingress and egress ruleset for common campus services and ports. See the update log in the comments.

VLAN Routing Firewall Configuration Tool

Paul Waterstraat's tool to create the proper custom network configuration files for your VLAN routing firewall. (Beta)

FTP Proxy FAQ

OpenBSD's FAQ page on FTP and FTP Proxy

Insecure's ftp-proxy FAQ

A few things we've learned about ftp-proxy that aren't on the main ftp-proxy FAQ

Single user mode: reset root password

How to boot in single user mode and reset the root password

Copying a Compact Flash card with OpenBSD

Instructions on how to make a backup copy of your OpenBSD CF installation using a USB CF card reader

Plone unified installer

Plone 2.5.2 unified installer

OpenBSD 3.5 on an OpenBrick-E

How to securely build, using local resources, a transparent bridging firewall using an Openbrick-E and OpenBSD 3.5. Using a 533MHz Via processor with 256MB of memory and a 512MB Compact Flash card, our OpenBrick has no moving parts. With 3 10/100 interfaces, that leaves one leftover for CARP!

Defending your Network

IT Security Symposium 2005 lab + presentation on open source tools used to defend your network, including: nmap, Etherape, HOACD (Honeyd + OpenBSD + Arpd on CD), OpenIDS (Snort + friends), and MailDroid (SpamAssassin, CLAMAV, spamd, SquirrelMail + friends)

OpenBrick-E

A picture of my OpenBrick, with an OpenBSD 3.5 CD for comparison.

Modelling, Validation, and Optimization of Distributed Firewalls

Fireman: Firewall Modeling and Analysis As part of this project, we propose to develop a unified framework for policy-checking, optimization, and auto-reconfiguration of distributed firewalls. This research will provide novel analysis, design techniques, and tools to better protect our critical information infrastructures from attacks. We target at providing consistent and efficient security protection for an enterprise that may have geographically distributed business networks served by different local Internet Service Providers. We adopt an inter-disciplinary technical approach that leverages multiway communications among the three PIs with expertise in networking, security, and programming languages and compilers areas to design an integrated solution. In particular, we propose a systematic treatment of the problem by casting it as a static program analysis question, exploiting well-established and rigorous techniques from the area of programming languages and compilers.

ComixWall ISG

A full-featured Internet Service gateway with OpenBSD/pf, DansGuardian web filter (anti-virus through ClamAV), Snort IDS and periodic rule updates by oinkmaster, ClamAV and periodic signature updates by freshclam, SpamAssassin, OpenBSD spamd: spam deferral daemon, P3scan: POP3 anti-virus/anti-spam proxy, smtp-gated: SMTP anti-virus/anti-spam proxy, Dante: SOCKS proxy, Squid: HTTP proxy, Apache Web Server (OpenBSD httpd), Pound: reverse-http proxy, OpenBSD ftp-proxy, IMSpector: IM proxy which supports MSN, IRC, Yahoo, etc., DNS server, DHCP server, OpenSSH

Campus Moobilenet Subnets

This is a list of Moobilenet IP address ranges from Mark Stinson for use with firewall rules. Posted to the TSP list on 11/1/2008.