Lots of miscommunications in these threads.  The original poster here was
talking about setting up a virtual firewall machine to deal with traffic on
a single box.
Most of the war stories are from sys admins protecting a corporate LAN (or
larger) with lawyers and accountants weighing in.  Of course you need to
consider the collective OpenBSD wisdom and up your game accordingly, when
protecting a multimillion-dollar facility.

I could really go for a methanol, about now!

On Tue, May 28, 2019 at 6:58 AM Kevin Chadwick <m8il1i...@gmail.com> wrote:

> On 5/24/19 8:30 PM, Jean-Francois Simon wrote:
> > Hi,
> >
> > Out of interest, I'd like to let you know a specific use of OpenBSD with
> > PF, in VirtualBox, 2 virtual network cards bridged to physical NIC, and
> > building up a subnet with NAT and hence running Packet Filter as the
> > machine's firewall.
> >
> >
> > That's the firewall I use under Win7, OpenBSD running in a VM, out of
> > pure interest into running BSD and let it purify the network access to
> > desktop (without need for additional hardware).
> >
> >
> > Works well, love it.
>
> I have done something similar in the past. My personal preference is
> Hyper-V on Windows 10 Pro which seven can be upgraded to. I would hope
> Hyper-V has inherited kernel sandboxing/mitigation protections and
> hardening from Windows kernel/Azure.
>
> I assign the physical NIC to the OpenBSD VM and remove all check boxes
> like IPv4/IPv6 support from that NIC. Then I had a VNAT device for Windows
> to talk to. GlassWire on top gives a window into the why is it connecting
> there or obfuscating CDNs HTTPS certs without the other free Windows
> firewall cruft.
>
> I assume communications to the Windows box could be made from a foreign
> network via ARP manipulation but a nice setup nonetheless, if you can be
> bothered with it.
>
>
