OSNews:

OSNews: http://www.osnews.com/story/21643/PF_Enabled_by_Default_in_OpenBSD-current Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Mon, 30 Nov 2009 10:20:06 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com Odd http://osnews.com/thread?367673 http://osnews.com/thread?367673 Considering OpenBSD always prided itself in being the most secure OS with it's default install (Mainly due to it rejecting everything and having all the services turned off) I find it very weird that it would enable PF to forward ALL incoming connections in by default.

To me, it just seems very weird to go against something they've been doing for so long. Tue, 09 Jun 2009 23:15:00 GMT donotreply@osnews.com (Finchwizard) Comments RE: Odd http://osnews.com/thread?367682 http://osnews.com/thread?367682 I think you're confusing having most services turned off with having pf on... turning on pf with the default install is new, they still leave most daemons off to have a 'secure by default' install.

This doesn't mean they used to have pf enabled but blocking everything... that wasn't the case in the past

They always have had the minimal services needed (meaning daemons aren't listening on ports), which they still do, but with the added benefit of pf being on but allowing all traffic except for the mentioned X tcp port Wed, 10 Jun 2009 00:34:00 GMT donotreply@osnews.com (flydpnkrtn) Comments we don't need to block unavailable services http://osnews.com/thread?367683 http://osnews.com/thread?367683 Yes, services disabled/minimized by default means we don't have to block any unavailable services. Wed, 10 Jun 2009 00:38:00 GMT donotreply@osnews.com (hxizan) Comments RE: Odd http://osnews.com/thread?368337 http://osnews.com/thread?368337 It isn't odd. As explained in FAQ:

"OpenBSD attempts to minimize the need for customization and tweaking. For the vast majority of users, OpenBSD "Just Works" on their hardware for their application. Not only is tweaking and customizing rarely needed, it is actively discouraged."

http://www.openbsd.org/faq/faq1.html

OpenBSD aims to be a general purpose OS, not only for servers, but for desktop or embedded systems too. Of course it can be a "lot more secure" than it is now, but this is not the point. You have to watch your mouth when you talk about what a "secure" OS is. Fri, 12 Jun 2009 23:56:00 GMT donotreply@osnews.com (dbolgheroni) Comments