With release 3.0 the OpenBSD project replaced Darren Reed's ipf software with the more license friendly pf filtering software. While pf and ipf are very similar in overall design, there are many subtle differences bewteen the two. This paper will focus . . .
With release 3.0 the OpenBSD project replaced Darren Reed's ipf software with the more license friendly pf filtering software. While pf and ipf are very similar in overall design, there are many subtle differences bewteen the two. This paper will focus on one particular difference between the two, how to allow outbound active FTP access from clients protected by an OpenBSD 3.0 firewall.

Before we go into detail about how to configure OpenBSD 3.0, let's briefly review how the FTP protocol works (and doesn't work). FTP is a very venerable protocol that was definately not designed with security in mind. While it was being developed, the concept of a firewall didn't even exist. Since then, improvements have been made to the FTP protocol to make it easier to secure. Unfortunately, client software packages (at least on the Windows platform) have been slow to adapt to these changes, forcing firewall administrators to develop some sort of workaround.

The link for this article located at Deadly.org is no longer available.