[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipf



On Tue, 29 May 2001, Bob Beck wrote:

>     1) Darren's interpretation of his license is that modified
> versions are not allowed and that they *never were*. while legally we
> might get around that we should respect that, if we wanna be nice
> guys and do the right thing.
> 
>     2) Since we have to be able to distribute modified versions
> (according to our project goals at http://www.openbsd.org/goals.html)
> it's not going to work, having that code there taints the tree. Both
> OpenBSD and other vendors can't both respect Darren's wishes and
> distribute the code with our kernels in a manner that makes users
> believe the whole thing complies with our stated license policy.  If
> we dodge the issue and distribute it, all it means is more people
> think the ipf code is free, because it's in our kernel, when free
> versions of ipf aren't what the author wants. It's a disservice
> to our users and disrespectful to the author.

I completely agree.

Take a look at the bottom of the ipfilter page (for those who don't know,
it's located at http://coombs.anu.edu.au/ipfilter/).  That last line kind
of leaves a bad taste in my mouth, but certainly makes me appreciate the
BSD license for what it is.

"This product includes software developed by the University of California,
Berkeley and its contributors."

While I appreciate Darren's work and have used ipf as included with
OpenBSD for some time now, it seems kind of hypocritical for Darren to
benefit from BSD code in IPF, yet not extend others the same liberty with
his own code.  But he can do what he likes, and godspeed to him.  I just
hope he remembers where part of his codebase has come from.

For those casting doom and gloom on the lack of a firewall in OpenBSD,
this does not mean you cannot use ipfilter on OpenBSD.  It will just no
longer be a part of the kernel.  You can still install ipfilter if you
like, and can build firewalls for customers and what not if you like with
no problems as long as the version you're installing is a release
version.  The only problem is that you cannot modify the source code as it
exists from the distribution if your needs are different than the current
source allows for.  I certainly will move to another firewall if it can
compete competantly, but until such a beast exists, I'll be sticking with
ipf.

To those working on a replacement for ipf, I'll gladly donate what I
can.  Good beer, pizza, hardware, or whatever else it takes that I can
provide.

Regards,
--
Joseph