[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    RE: IPFilter no longer available...
From:       "Nick Evans" <nevans () stevens-tech ! edu>
Date:       2001-05-31 17:56:19
[Download RAW message or body]

ipf can still be installed on an OpenBSD system, only post-2.9 releases
won't be shipped with ipf. There are still hooks in the bridging code for
ipf so transparent firewalls should still be possible.

Nick

-----Original Message-----
From: owner-ipfilter@coombs.anu.edu.au
[mailto:owner-ipfilter@coombs.anu.edu.au]On Behalf Of Clayton Fiske
Sent: Thursday, May 31, 2001 1:28 PM
To: filtro
Cc: ipfilter@coombs.anu.edu.au
Subject: Re: IPFilter no longer available...


You could use FreeBSD. While you can't do bridging with IPF, you can
enable stealth forwarding. The firewall would then not show up in a
traceroute or anything (no TTL decrement), so you'd still retain some
of the value. Yes, it would be technically reachable at the IP layer,
but only if you already knew there was a firewall and had some way of
identifying its IP address. Options like return-icmp-as-dest can be
useful for this as well.

Granted, it's not quite the same, but it is still a possible solution.

-c

On Thu, May 31, 2001 at 02:40:31PM +0200, filtro wrote:
>
> I understand you very well!!
> I had to go in a university to install firewall system, I did a firewall
> project and I had told them I would have used OpenBSD with 2 bridge
> interfaces (with no IP Assigned to them). And now I cannot do it anymore
> and I do not have any other product to use to do it.
>
> Rick
>
>
>
>
> On Wed, 30 May 2001, Jasper O'Malley wrote:
>
> > On Wed, 30 May 2001, Rob Meffan wrote:
> >
> > > It's astonishing to realize how many people complaining about the
> > > licensing clarification just don't get it. The contributions that
Darren
> > > accepts into the ipf code are things that people gave so that the
> > > product would improve as a whole. Perhaps they contributed patches or
> > > improvements out of self interest, perhaps not. Whatever the
reason(s),
> > > we all now have a solid firewall product to use as protection for our
> > > networks. Isn't that enough payback?
> >
> > Let's just say, for the sake of argument, that Darren is the despicable
> > bastard that people have been saying he is for the last few days (I tend
> > to think that's not actually the case, but I don't really know one way
or
> > the other). Say tomorrow he turns around and sells IP Filter and all of
> > his reserved rights to it to the XYZ Corporation for $8 billion dollars,
> > and they turn around and start selling it for $999.95. What the hell do
> > the hundreds or thousands of existing IPF users do when a gaping
security
> > hole is found in the last version available before Darren sold it? We
now
> > no longer "all have a solid firewall product to use as protection for
our
> > networks." Would you still feel adequately paid back?
> >
> > I think this is why people are pissed off. Because many of them have
been
> > under the impression, mistaken or not, that the software was free to use
> > in any way they saw fit (including modifying the source code, now and in
> > the future), and were using it for that reason. As far as I know, Darren
> > made no effort to make them aware of this widely-held misconception
until
> > a few days ago.
> >
> > > Any who complain about the license changes have more selfish interests
> > > at stake than they're admitting.
> >
> > Of *course* they're being selfish! They're using IP Filter because it's
> > good *and* because it's free. If, one day, it ceases to be free, it has
to
> > compete with some other very good commercial software. In that bastard
> > universe, it's easier to do so if you already have a captive userbase.
> >
> > Please understand that I'm not saying that Darren is an evil prick, and
> > I'm sure the reason that he's doing what he's doing is that he really
does
> > want to maintain control over the integrity of the code, but scenarios
> > like the one I've brought up need to be addressed before people can make
> > an informed decision to continue using IP Filter.
> >
> > > Personally, I don't care in the slightest if maintaining the integrity
> > > of the ipf code base interferes with someone else's self interest.
> >
> > I don't think anyone has a beef with Darren maintaining control over the
> > IPF codebase for quality assurance purposes. But for something like
that,
> > an Apache-style license (where derivative works are permitted, but not
> > allowed to call themselves "Apache") is appropriate and addresses the
> > concerns of most people who like to use free software.
> >
> > > And finally, these arguments are all moot. It's Darren's code.
> >
> > No shit. There wouldn't be an issue if it weren't.
> >
> > > He can do with it as he pleases. Why can't people just use ipf and be
> > > happy that such a solid firewall is available to us for NO
> > > CHARGE? Unbelievable.
> >
> > Because he's under no legal obligation to continue doing so, and if he
> > decides to stop making it available free of charge, you can't even fix
the
> > free version you have. Even if you can, you most certainly can't
> > distribute a complete, fixed version. How big would the patchkit need to
> > get before people start wondering if their time is better spent working
on
> > a different project?
> >
> > > Besides all of this, ipf can be distributed and modified if you get
> > > Darren's approval!
> >
> > What if he's dead? His estate owns the rights to the code for 70 years
> > after he dies. In his own words, he'd RIP, but what about the rest of
us?
> >
> > > Look, the bottom line is this: If anyone doesn't like the license,
they
> > > should stop using ipf.
> >
> > I think that most people would like not to have to do so, and so they're
> > asking Darren (some of them politely, some of them very rudely) to
please
> > use a free software license in the future. If his answer is a firm "no,"
> > and I think at this point that it is, then everyone needs to live with
the
> > consequences.
> >
> > Cheers,
> > Mick
> >
> >
>

[prev in list] [next in list] [prev in thread] [next in thread]