Haiku firewall

Mr_video2 · April 9, 2024, 9:44pm

Does haiku have a native firewall application? Are all ports open by default? I’m considering using this box as a small web server so it might be a good idea to have one.

nephele · April 10, 2024, 12:02am

No, we do not have a firewall per default.
No, ports are not open by default, like pretty much all other OS ports are only open when an application specifically listens to it.

That said, Haiku is a terrible choice for a webserver. Consider using an OS suited to this purpose instead, For example OpenBSD, FreeBSD, Linux (alpine linux) etc

wotef · April 10, 2024, 5:33am

Is it possible to port pf from freebsd or openbsd?

PulkoMandy · April 10, 2024, 6:51am

The network stack is completely different, so, we would have to re-implement most of the kernel side part (that is, most of the tool). The userspace tools could be reused if we implement a compatible interface for them.

Mr_video2 · April 10, 2024, 6:57pm

I found an old beos application called be protected, that serves the same purpose as a firewall. Should be able to use the old apps as I’m on the Intel x86 architecture.

marcoapc · April 11, 2024, 6:19am

Porting the NetBSD firewall would be an easier option:

https://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20130314_1854.html

nephele · April 11, 2024, 8:11am

If we port any syntax, for the configuration alone I think pf from OpenBSD makes most sense, it is a comparitively easy syntax to write.

Though, Haiku would likely want a gui tool anyway. So maybe porting any is not such a good idea.

marcoapc · April 11, 2024, 3:17pm

Porting pf OpenBSD is more complex, npf is more portable, creating a gui depends on the tool used, *BSDs have several firewalls on the base system.

Starcrasher · April 11, 2024, 4:37pm

I think what nephele try to say is that Haiku has a different philosophy.
In Haiku, you rather have a program conceived with a GUI, then you make only the necessary available on command line but it stays only one software.
A software included in the OS would stick the philosophy, but that’s more work than a ‘simple’ port.

In other systems, you create a command line program first, then anyone can make a GUI and you can end with countless programs even if obviously you won’t install them all.
A port distributed separately, would probably follow this path. The tool would be ported and, unless someone write a native one, the GUI too.