The only one project I found that is actively maintained is https://github.com/sonertari/<https://github.com/sonertari/UTMFW>UTMFW<https://github.com/sonertari/UTMFW> You may also consider ansible playbook to manage pf, for example: https://www.lab-time.it/2017/10/13/openbsd-firewall-with-pf-using-ansible/
Kamil ________________________________ From: owner-m...@openbsd.org <owner-m...@openbsd.org> on behalf of Marco Prause <marco-obsdm...@prause.eu> Sent: Thursday, March 14, 2019 8:13:44 AM To: misc@openbsd.org Subject: Re: Are there open source firewall distributions which are built on top of OpenBSD? >> A standard OpenBSD installation is somewhat susceptible to power failures >> though. Especially fail/back/fail again during the startup procedure while >> it's relinking libraries in random order. Not saying it can't be used but >> some thought is needed if you know that it's *likely* to be powered off >> without shutdown, or if the power is flaky. > If you want to run a system that is resistant to damage from power faults, > take a look at Resflash. > > https://stable.rcesoftware.com/resflash/ > > It's more tolerant of power faults since the running system has all of its > actual disks in read-only mode and anything writable is done to mfs-based > mounts, including /usr/lib and /usr/libexec during the re-linking process. It > also has a very nice upgrade and rollback process, useful if you're > maintaining remote routers/firewalls. > > Don't ask for support on this list since it's not base OpenBSD, but the > author is pretty good about helping people out. I can second all what Paul wrote before. I've been running resflash-image driven openbsd instances in round about 15 distributed locations since 2016. Compared to let's say "commercial" equipment they do a *very* good job. As well it's update mechanism as it's integration in our automation and monitoring framework works very well. And they survived every datacenter current issue so far ;-) Cheers, Marco
