OpenBSD is just an OS, not a firewall...

classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenBSD is just an OS, not a firewall...

Chris Smith-32
... if you really want a firewall you need pfSense.

Also if you " walk into any security experts convention and claim that
raw OpenBSD is "a firewall", you will get laughed out of the room for
lack of clue."

Guess I've been wrong all these years: see the comments to
https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

James Shupe-4
On 06/08/2012 12:55 PM, Chris Smith wrote:

> ... if you really want a firewall you need pfSense.
>
> Also if you " walk into any security experts convention and claim that
> raw OpenBSD is "a firewall", you will get laughed out of the room for
> lack of clue."
>
> Guess I've been wrong all these years: see the comments to
> https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe
>
>
>

I was just reading that and cringing.


--
James Shupe

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Chris Eidem-3
In reply to this post by Chris Smith-32
Wow.  Just, wow.



Nice pineapple, dude...



-----Original Message-----

From: [hidden email] [mailto:[hidden email]] On Behalf Of Chris Smith

Sent: Friday, June 08, 2012 12:56 PM

To: OpenBSD-Misc

Subject: OpenBSD is just an OS, not a firewall...



... if you really want a firewall you need pfSense.



Also if you " walk into any security experts convention and claim that

raw OpenBSD is "a firewall", you will get laughed out of the room for

lack of clue."



Guess I've been wrong all these years: see the comments to

https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe


Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Michel Blais-2
In reply to this post by Chris Smith-32
Lmfao
Le 8 juin 2012 14:01, "Chris Smith" <[hidden email]> a écrit :

> ... if you really want a firewall you need pfSense.
>
> Also if you " walk into any security experts convention and claim that
> raw OpenBSD is "a firewall", you will get laughed out of the room for
> lack of clue."
>
> Guess I've been wrong all these years: see the comments to
> https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Brian Hechinger
In reply to this post by Chris Smith-32
On 6/8/2012 1:55 PM, Chris Smith wrote:
> ... if you really want a firewall you need pfSense.
>
> Also if you " walk into any security experts convention and claim that
> raw OpenBSD is "a firewall", you will get laughed out of the room for
> lack of clue."
>
> Guess I've been wrong all these years: see the comments to
> https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe
>

"I cannot press the +1 button on your response hard enough.  And there
is no +5 button."

If I could be bothered to setup a G+ account I would be right there with
him.

-brian

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Alvaro Mantilla Gimenez-4
Uuuuuuuhhhh....seems the guy (Keith whatever) has some issues in his brain
right now. Hahahahahahaha!!

" I challenge you to go onto forums.pfsense.org and tell them that. There are
plenty of security professionals there who are clearly more experienced than
you who will put you straight!"

Can´t wait to read the answer to this...

Cheers,

     Alvaro

El 08/06/2012, a las 13:07, Brian Hechinger escribió:

> On 6/8/2012 1:55 PM, Chris Smith wrote:
>> ... if you really want a firewall you need pfSense.
>>
>> Also if you " walk into any security experts convention and claim that
>> raw OpenBSD is "a firewall", you will get laughed out of the room for
>> lack of clue."
>>
>> Guess I've been wrong all these years: see the comments to
>> https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe
>>
>
> "I cannot press the +1 button on your response hard enough.  And there is no
+5 button."
>
> If I could be bothered to setup a G+ account I would be right there with
him.
>
> -brian

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Chris Eidem-3
In reply to this post by Chris Smith-32
From the g+ spew:



"I grew up and got a life!



"You boys need a good beating with the clue stick:

Hacking configuration files directly does not give you better security.

Hacking configuration files directly does not make you better at security.



"And the converse is true:

Using a GUI to make firewall changes does not give you worse security

Using a GUI to make firewall changes does not make you worse at security.



"You still need to know what you are doing!



"Any view contrary to this is borne of pure ignorance, prejudice and incompetence."





So, if there were some distro with a GUI front end for this "security professional" with OpenBSD in the background, with some other name and distributed as a bootable DVD -- call it DoucheWall -- OpenBSD would all of a sudden become a "firewall"?



-----Original Message-----

From: [hidden email] [mailto:[hidden email]] On Behalf Of Chris Smith

Sent: Friday, June 08, 2012 12:56 PM

To: OpenBSD-Misc

Subject: OpenBSD is just an OS, not a firewall...



... if you really want a firewall you need pfSense.



Also if you " walk into any security experts convention and claim that

raw OpenBSD is "a firewall", you will get laughed out of the room for

lack of clue."



Guess I've been wrong all these years: see the comments to

https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe


Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Kurt Mosiejczuk-6
In reply to this post by Brian Hechinger
Brian Hechinger wrote:
> On 6/8/2012 1:55 PM, Chris Smith wrote:
>> ... if you really want a firewall you need pfSense.

>> Also if you " walk into any security experts convention and claim that
>> raw OpenBSD is "a firewall", you will get laughed out of the room for
>> lack of clue."

>> Guess I've been wrong all these years: see the comments to
>> https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe

> "I cannot press the +1 button on your response hard enough.  And there
> is no +5 button."

> If I could be bothered to setup a G+ account I would be right there with
> him.

I really shouldn't have commented, as it might feed the misguided troll.
  But I felt the particularly clueful guy should be noted as such.

--Kurt

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

polken
In reply to this post by Chris Eidem-3
totally agree

> From: [hidden email]
> To: [hidden email]
> Subject: Re: OpenBSD is just an OS, not a firewall...
> Date: Fri, 8 Jun 2012 19:48:45 +0000
>
> From the g+ spew:
>
>
>
> "I grew up and got a life!
>
>
>
> "You boys need a good beating with the clue stick:
>
> Hacking configuration files directly does not give you better security.
>
> Hacking configuration files directly does not make you better at security.
>
>
>
> "And the converse is true:
>
> Using a GUI to make firewall changes does not give you worse security
>
> Using a GUI to make firewall changes does not make you worse at security.
>
>
>
> "You still need to know what you are doing!
>
>
>
> "Any view contrary to this is borne of pure ignorance, prejudice and
incompetence."
>
>
>
>
>
> So, if there were some distro with a GUI front end for this "security
professional" with OpenBSD in the background, with some other name and
distributed as a bootable DVD -- call it DoucheWall -- OpenBSD would all of a
sudden become a "firewall"?
>
>
>
> -----Original Message-----
>
> From: [hidden email] [mailto:[hidden email]] On Behalf Of
Chris Smith

>
> Sent: Friday, June 08, 2012 12:56 PM
>
> To: OpenBSD-Misc
>
> Subject: OpenBSD is just an OS, not a firewall...
>
>
>
> ... if you really want a firewall you need pfSense.
>
>
>
> Also if you " walk into any security experts convention and claim that
>
> raw OpenBSD is "a firewall", you will get laughed out of the room for
>
> lack of clue."
>
>
>
> Guess I've been wrong all these years: see the comments to
>
> https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Chris Cappuccio
In reply to this post by Chris Eidem-3
This is all making me very worried about Brad's MailScanner and whether or not it actually caught any viruses that might infect my mutt mail client.

I wasn't aware that a firewall needed configuration files or GUI. What is my firewall doing? I don't know. How can claims of pure ignorance, prejudice and incompetence prevail? Was it scanned by MailScanner? That's what I really want to know.

Chris Eidem [[hidden email]] wrote:

> >From the g+ spew:
>
> "I grew up and got a life!
>
> "You boys need a good beating with the clue stick:
> Hacking configuration files directly does not give you better security.
> Hacking configuration files directly does not make you better at security.
>
> "And the converse is true:
> Using a GUI to make firewall changes does not give you worse security
> Using a GUI to make firewall changes does not make you worse at security.
>
> "You still need to know what you are doing!
>
> "Any view contrary to this is borne of pure ignorance, prejudice and incompetence."
>
>
> So, if there were some distro with a GUI front end for this "security professional" with OpenBSD in the background, with some other name and distributed as a bootable DVD -- call it DoucheWall -- OpenBSD would all of a sudden become a "firewall"?
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Chris Smith
> Sent: Friday, June 08, 2012 12:56 PM
> To: OpenBSD-Misc
> Subject: OpenBSD is just an OS, not a firewall...
>
> ... if you really want a firewall you need pfSense.
>
> Also if you " walk into any security experts convention and claim that
> raw OpenBSD is "a firewall", you will get laughed out of the room for
> lack of clue."
>
> Guess I've been wrong all these years: see the comments to
> https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe

--
Keep them laughing half the time, scared of you the other half. And always keep them guessing. -- Clair George

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Lars Hansson-5
In reply to this post by Chris Smith-32
Hmm..I get  "This post could not be found."

Cheers,
Lars


On Sat, Jun 9, 2012 at 1:55 AM, Chris Smith <[hidden email]> wrote:
> ... if you really want a firewall you need pfSense.
>
> Also if you " walk into any security experts convention and claim that
> raw OpenBSD is "a firewall", you will get laughed out of the room for
> lack of clue."
>
> Guess I've been wrong all these years: see the comments to
> https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

James Shupe-4
On 06/09/2012 10:52 PM, Lars Hansson wrote:
> Hmm..I get  "This post could not be found."
>
> Cheers,
> Lars
>
>
> On Sat, Jun 9, 2012 at 1:55 AM, Chris Smith <[hidden email]>
wrote:

>> ... if you really want a firewall you need pfSense.
>>
>> Also if you " walk into any security experts convention and claim that
>> raw OpenBSD is "a firewall", you will get laughed out of the room for
>> lack of clue."
>>
>> Guess I've been wrong all these years: see the comments to
>> https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe
>
>

Troll posts are often lost...

--
James Shupe

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Chris Smith-32
In reply to this post by Lars Hansson-5
On Sat, Jun 9, 2012 at 11:52 PM, Lars Hansson <[hidden email]> wrote:
> Hmm..I get  "This post could not be found."

Apparently the original post has been deleted by its author. His
prerogative, but I think it's in bad taste to create such history
gaps.

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Ted Unangst-6
In reply to this post by Chris Smith-32
On Sun, Jun 10, 2012 at 09:44, Chris Smith wrote:
> On Sat, Jun 9, 2012 at 11:52 PM, Lars Hansson <[hidden email]> wrote:
>> Hmm..I get  "This post could not be found."
>
> Apparently the original post has been deleted by its author. His
> prerogative, but I think it's in bad taste to create such history
> gaps.

The original post had nothing to do with OpenBSD, some nitwit hijacked
the comment thread.  I don't think the author has any obligation to
play host to a battleground.

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

James Shupe-4
On 06/10/2012 12:58 PM, Ted Unangst wrote:
> some nitwit hijacked the comment thread.

I couldn't resist feeding the troll. This thread can die now, too.

--
James Shupe

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Chris Smith-32
In reply to this post by Ted Unangst-6
On Sun, Jun 10, 2012 at 1:58 PM, Ted Unangst <[hidden email]> wrote:
> The original post had nothing to do with OpenBSD, some nitwit hijacked
> the comment thread.  I don't think the author has any obligation to
> play host to a battleground.

The original post was about IPv6, someone commented that he couldn't
do IPv6 because of problems with his pfSense firewall. I suggested he
switch to OpenBSD to ameliorate the issue and that's when he shot off
that it isn't a firewall, blah, blah, blah. I saw the comment thread
as more of a segue than a hijack.

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Marc Espie-2
On Sun, Jun 10, 2012 at 02:14:08PM -0400, Chris Smith wrote:

> On Sun, Jun 10, 2012 at 1:58 PM, Ted Unangst <[hidden email]> wrote:
> > The original post had nothing to do with OpenBSD, some nitwit hijacked
> > the comment thread.  I don't think the author has any obligation to
> > play host to a battleground.
>
> The original post was about IPv6, someone commented that he couldn't
> do IPv6 because of problems with his pfSense firewall. I suggested he
> switch to OpenBSD to ameliorate the issue and that's when he shot off
> that it isn't a firewall, blah, blah, blah. I saw the comment thread
> as more of a segue than a hijack.

Well, we had enough time to punch the dimwit into the ground before
the thread vanished, didn't we ?

all that nonsense about "hardening"...

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD is just an OS, not a firewall...

Franco Fichtner-2
On Jun 10, 2012, at 9:05 PM, Marc Espie wrote:

> On Sun, Jun 10, 2012 at 02:14:08PM -0400, Chris Smith wrote:
>> On Sun, Jun 10, 2012 at 1:58 PM, Ted Unangst <[hidden email]> wrote:
>>> The original post had nothing to do with OpenBSD, some nitwit hijacked
>>> the comment thread.  I don't think the author has any obligation to
>>> play host to a battleground.
>>
>> The original post was about IPv6, someone commented that he couldn't
>> do IPv6 because of problems with his pfSense firewall. I suggested he
>> switch to OpenBSD to ameliorate the issue and that's when he shot off
>> that it isn't a firewall, blah, blah, blah. I saw the comment thread
>> as more of a segue than a hijack.
>
> Well, we had enough time to punch the dimwit into the ground before
> the thread vanished, didn't we ?
>
> all that nonsense about "hardening"...

And somehow he got caught up in this "if you don't have a GUI you are no
firewall" argument. I've heard that before at work. Two years later we
had to slap together a CLI, because without it "we can never be a good
firewall". :P


Franco