OpenBSD based internet security gateway

Alan DeWitt alan.dewitt at gmail.com
Sat Oct 4 07:48:15 CEST 2008 

On Oct 3, 2008, at 6:34 AM, Juergen Scholten wrote:
> as an OpenBSD fan I'm using ComixWall by Soner Tari since a few  
> weeks (www.comixwall.org).
> It is a complete free internet security gateway (ISG) based on  
> OpenBSD maybe comparable with smoothwall etc. At the moment only  
> for i386 and newer hardware because it takes some performance.
> My interest is, does anybody else have experience with it and what  
> do think about it?

I have played around with it just a little bit, but I have not looked  
closely at the additional software as yet. I have not used it in a  
production environment.

I love the *concept*. It's the sort of thing that has the potential  
to be easily deployed to a customer, with the possibility of handing  
the keys to a less skilled client to manage mostly for themselves.

Mr. Tari seems to be very respectful of the OpenBSD community, and  
his additional code is under a BSD license. Comixwall insulates  
potential OpenBSD users from having to actually learn much of  
anything, though, which is a big bummer in some ways even while it's  
an advantage in others. (See above.)

The execution from what I have seen is promising. The web interface  
is well-designed visually and informative. The big limitation I have  
seen so far is poor documentation; for instance, it is not altogether  
clear that Comixwall is installed simply by adding the included site  
bundle at install time. The additional install script itself does not  
give very good feedback. (Both of these are probably due to English  
not being his native language and his presumed focus on the gui  
aspect.) The installer seems a little finicky, and the web interface  
seems a bit unstable.

I have not looked closely at the settings to ensure he's chosen  
sensible defaults, and I have no idea how maintainable the system  
will turn out to be. Caveat emptor.

So to sum up I think it's a great idea, and potentially a great  
product, that could use some more polish and developer love.

-Alan

More information about the Openbsd-newbies mailing list