Puffy Firewall | BSD Now 35

We're back again! On this week's packed show, we've got one of the biggest tutorials we've done in a while. It's an in-depth look at PF, OpenBSD's firewall, with some practical examples and different use cases.

We'll also be talking to Peter Hansteen about the new edition of "The Book of PF." Of course, we've got news and answers to your emails too, on BSD Now – the place to B.. SD.


– Show Notes: –


ALTQ removed from PF

  • The classic packet queueing system, ALTQ, was recently removed from OpenBSD -current
  • There will be a transitional phase between 5.5 and 5.6 where you can still use it by replacing the "queue" keyword with "oldqueue" in your pf.conf
  • As of 5.6, due about six months from now, you'll have to change your ruleset to the new syntax if you're using it for bandwidth shaping
  • After more than ten years, bandwidth queueing has matured quite a bit and we can finally put ALTQ to rest, in favor of the new queueing subsystem
  • This doesn't affect FreeBSD, PCBSD, NetBSD or DragonflyBSD since all of their PFs are older and maintained separately

FreeBSD Quarterly Status Report

  • The quarterly status report from FreeBSD is out, detailing some of the project's ongoing tasks
  • Some highlights include the first "stable" branch of ports, ARM improvements (including SMP), bhyve improvements, more work on the test suite, desktop improvements including the new vt console driver and UEFI booting support finally being added
  • We've got some specific updates from the cluster admin team, core team, documentation team, portmgr team, email team and release engineering team
  • LOTS of details and LOTS of topics to cover, give it a read

OpenBSD's OpenSSL rewrite continues with m2k14

NetBSD 6.1.4 and 6.0.5 released

  • New updates for the 6.1 and 6.0 branches of NetBSD, focusing on bugfixes
  • The main update is – of course – the heartbleed vulnerability
  • Also includes fixes for other security issues and even a kernel panic… on Atari
  • Patch your Ataris right now, this is serious business

Interview – Peter Hansteen – peter@bsdly.net / @pitrh

The Book of PF: 3rd edition


BSD Firewalls: PF

News Roundup

New Xorg now the default in FreeBSD

  • For quite a while now, FreeBSD has had two versions of X11 in ports
  • The older, stable version was the default, but you could install a newer one by having "WITH_NEW_XORG" in /etc/make.conf
  • They've finally made the switch for 10-STABLE and 9-STABLE
  • Check this wiki page for more info

GSoC-accepted BSD projects

  • The Google Summer of Code team has got the list of accepted project proposals uploaded so we can see what's planned
  • OpenBSD's list includes DHCP configuration parsing improvements, systemd replacements, porting capsicum, GPT and UEFI support, and modernizing the DHCP daemon
  • The FreeBSD list was also posted
  • Theirs includes porting FreeBSD to the Android emulator, CTF in the kernel debugger, improved unicode support, converting firewall rules to a C module, pkgng improvements, MicroBlaze support, PXE fixes, bhyve caching, bootsplash and lots more
  • Good luck to all the students participating, hopefully they become full time BSD users

Complexity of FreeBSD VFS using ZFS as an example

  • HybridCluster posted the second part of their VFS and ZFS series
  • This new post has lots of technical details once again, definitely worth reading if you're a ZFS guy
  • Of course, also watch episode 24 for our interview with HybridCluster – they do really interesting stuff

PCBSD weekly digest

  • Preload has been ported over, it's a daemon that prefetches applications
  • PCBSD is developing their own desktop environment, Lumina (there's also an FAQ)
  • It\’s still in active development, but you can try it out by installing from ports
  • We'll be showing a live demo of it in a few weeks (when development settles down a bit)

  • All the tutorials are posted in their entirety at bsdnow.tv
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
  • If you've got something cool to talk about and want to come on for an interview, shoot us an email
  • Also if you have any tutorial requests, we'd be glad to show whatever the viewers want to see
  • It looks like OpenBSD 5.5 CD sets are already starting to show up in people's mail boxes – we'll have the full details of the release next week
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
