Linked by Thom Holwerda on Tue 9th Jun 2009 20:50 UTC, submitted by ZacharyM
OpenBSD "As seen here, PF is now enabled by default. The default pf.conf will now pass in all traffic, except for TCP port 6000 normally used by remote-X11. By having the X server still listen on port 6000 but let PF block incoming packets that aren't coming from localhost you can still use local X sessions that need to talk to the TCP port or run through a port forward from remote, but at the same time don't expose your machine on the network. Recent changes to PF, like having packet reassembly enabled on all packets by default, will now help clean incoming traffic."
RE: Odd
by dbolgheroni on Fri 12th Jun 2009 23:56 UTC in reply to "Odd"

It isn't odd. As explained in the FAQ:

"OpenBSD attempts to minimize the need for customization and tweaking. For the vast majority of users, OpenBSD "Just Works" on their hardware for their application. Not only is tweaking and customizing rarely needed, it is actively discouraged."

OpenBSD aims to be a general purpose OS, not only for servers, but for desktop or embedded systems too. Of course it can be a "lot more secure" than it is now, but this is not the point. You have to watch your mouth when you talk about what a "secure" OS is.

Score: 1