[TriLUG] CARP license.
chrish at trilug.org
Wed Mar 31 07:45:50 EST 2004
On 30 Mar 2004, Jon Carnes wrote:
> OpenBSD firewalls now have redundant fail-over built into them. The
> protocol used for linking the redundant fail-over firewalls is CARP
> (Common Address Redundancy Protocol).
CARP is of course one of the major highlights of the upcoming 3.5 release.
But there are others. 3.5 has reignited by interest in OpenBSD
(recompiling my system just to patch it and lack of PAM/nsswitch is what
puts me off).
There were some nice changes to pf (OpenBSD's firewall... like iptables if
you're only exposed to Linux... but arguably much more feature rich than
its Linux counterpart).
Some great load balancing stuff was added to pf in the 3.5 release. You
now have a "sticky address" which lets you redirect ports on a round robin
basis, but have a source hash to set an affinity between a source and
pfsync lets you synchronize the state tables between a number of firewalls
that are working in parallel so you can effectively load balance your
firewalls without disrupting established stateful connections.
The great spamd daemon now supports greylisting (this alone is enough to
get me to upgrade).
BGP daemon is now built in (another great reason to upgrade).
pgrep and pkill. I take these for granted on Linux and utter explitives
when they are on my other *NIX systems. Now they are on OpenBSD as of
Huge improvements to TCP/IP stack. I'd love to see some before & after
Quoting directly from the features page: "OpenSSL now directly uses the
new AES instructions some VIA C3 processors provide, increasing AES to
780MBytes/second (so you get to see a fan-less cpu performing AES more
than 10x faster than the fastest cpu currently sold)." Wow.
Firefox is now bundled.
For non x86 architectures gcc 3.3.2 is now included with ProPolice
support. x86 does not lend itself well to extensions like ProPolice so
that arch is still at gcc 2.95.3.
A bunch of neat OpenSSH features are added. sshd can now force an
incoming client to change their expired password. You can put host keys
in DNS now, also.
See the full list for yourself at http://openbsd.org/35.html
More information about the TriLUG