This short article looks at how to get a fully functional IPSec VPN up and running between two fresh OpenBSD installations in about four minutes flat.
Links to gigabit-capable OpenBricks, including the Lex Twister, the current OpenBrick recommendation for VLAN firewalls, and the gigabit version of the OpenBrick-E
UCCSC 2007 presentation
How to build and configure a firewall on OpenBSD for bridging or routing (i386 Architecture)
Last updated 9/13/2007. A sample ingress and egress ruleset for common campus services and ports. See the update log in the comments.
Paul Waterstraat's tool to create the proper custom network configuration files for your VLAN routing firewall. (Beta)
OpenBSD's FAQ page on FTP and FTP Proxy
A few things we've learned about ftp-proxy that aren't on the main ftp-proxy FAQ
How to boot in single user mode and reset the root password
Instructions on how to make a backup copy of your OpenBSD CF installation using a USB CF card reader
Plone 2.5.2 unified installer
IT Security Symposium 2005 lab + presentation on open source tools used to defend your network, including: nmap, Etherape, HOACD (Honeyd + OpenBSD + Arpd on CD), OpenIDS (Snort + friends), and MailDroid (SpamAssassin, CLAMAV, spamd, SquirrelMail + friends)
A picture of my OpenBrick, with an OpenBSD 3.5 CD for comparison.
Fireman: Firewall Modeling and Analysis. As part of this project, we propose to develop a unified framework for policy-checking, optimization, and auto-reconfiguration of distributed firewalls. This research will provide novel analysis, design techniques, and tools to better protect our critical information infrastructures from attacks. We aim to provide consistent and efficient security protection for an enterprise that may have geographically distributed business networks served by different local Internet Service Providers. We adopt an inter-disciplinary technical approach that leverages multiway communications among the three PIs with expertise in the areas of networking, security, and programming languages and compilers to design an integrated solution. In particular, we propose a systematic treatment of the problem by casting it as a static program analysis question, exploiting well-established and rigorous techniques from the area of programming languages and compilers.
A full-featured Internet Service gateway with OpenBSD/pf, DansGuardian web filter (anti-virus through ClamAV), Snort IDS and periodic rule updates by oinkmaster, ClamAV and periodic signature updates by freshclam, SpamAssassin, OpenBSD spamd: spam deferral daemon, P3scan: POP3 anti-virus/anti-spam proxy, smtp-gated: SMTP anti-virus/anti-spam proxy, Dante: SOCKS proxy, Squid: HTTP proxy, Apache Web Server (OpenBSD httpd), Pound: reverse-http proxy, OpenBSD ftp-proxy, IMSpector: IM proxy which supports MSN, IRC, Yahoo, etc., DNS server, DHCP server, OpenSSH
This is a list of Moobilenet IP address ranges from Mark Stinson for use with firewall rules. Posted to the TSP list on 11/1/2008.
How to securely build, using local resources, a transparent bridging firewall using an OpenBrick-E and OpenBSD 3.5. Using a 533MHz Via processor with 256MB of memory and a 512MB Compact Flash card, our OpenBrick has no moving parts. With 3 10/100 interfaces, that leaves one leftover for CARP!