

Resflash – Resilient OpenBSD images for flash memory - zdw
https://github.com/bconway/resflash

======
blue1
Can anyone suggest some reasonable-but-cheap hardware solution for an openbsd
firewall "appliance"? I've been using old PCs for years but they are not
really cheap when you consider the power consumption.

Soekris hardware is often suggested, but they are not so cheap.

~~~
bconway
If you want something router-like, PC Engines apu1d and apu1d4 at $124 and
$145 USD are good options, as is the older (but slower, i386-only) alix2d3 at
$103.

There are also plenty of micro ATX or all-in-one fanless PCs with dual-NICs in
a similar price range. Or dual-NIC Intel NUCs, as well (not fanless).

------
ratsmack
This seems like something that would be great for putting together a secure
router. It seems that most router manufacturers that use an open source OS use
Linux. I have yet to see an OpenBSD based commercial offering.

~~~
pakled_engineer
[https://www.esdenera.com/en/esdenera-
firewall](https://www.esdenera.com/en/esdenera-firewall)

[http://securityrouter.org/wiki/Pricing](http://securityrouter.org/wiki/Pricing)

eracks.com offers preinstalled obsd firewalls

Probably many others, but if you mean store bought consumer devices no idea
but would be trivial to abstract away the OBSD complexity and offer secure
remote updates if a company wanted. Why they don't, maybe it's cheaper or
easier to find GNU/Linux engineers.

~~~
A010
I feel like OpenBSD-based Firewall price is ridiculous compared with FreeBSD-
based (i.e. pfSense). Honestly, what make OpenBSD-based fw more expensive like
that? Or am I missing something?

~~~
gonzo
Many, many firewall vendors (some based on OpenBSD, some on FreeBSD, some on
linux) think they provide significant value.

They really don't.

Thus the growth of systems like pfSense.

------
bmir-alum-007
Really cool.

TL;DR: Resflash has some really useful features for real-world embedded use-
cases.

Having done embedded development (industrial packet radios), having an
embedded firmward loader and fail-safe ROM are definitely major pluses for
less brickable products. The having two versions is a similar approach.

Also handy is a dev board w/ actual hardware watchdog and some industrial
NVRAM.

------
listic
> Resflash exclusively uses read-only and memory-backed filesystems, and
> because the partitions are only written to during system upgrades (or as
> otherwise configured), filesystems are not subject to corruption or fsck due
> to power loss

How do I proceed about configuring Linux this way?

