Frequently Asked Questions

Why is pfw coded in PHP?

PHP was chosen as the language because it's a decent language with lots of sites running it and there's a heap of knowledge how it works, what's the caveats and what's the security considerations with it.

Furthermore, PHP is probably the language that I know best and in order not to introduce stupid errors in the code for lack of knowledge, a well know language is much better than another less know perfect language.

Why didn't you make pfw so that there are no other dependancies and can be installed on an OpenBSD system without any ports?

This is probably the most frequent question. Why isn't pfw coded in perl (or c, ksh, ...) that is part of the base system as this must be more secure than using things installed using ports, right.

Well, this can only be true if the built-in programming languages are comparable in functionality. And since there are no special perl modules for handling specific web things in the base installation, this is not really the case. Specifically, there's no support for handling sessions.

This leaves a couple of options:

• Make a simplified/clunkier web interface. This isn't really a viable option since if the interface is not good then now one will use it.
• Add the functionality by using perl modules. Perl module ports or PHP ports, we're back to having to install separate packets anyway.
• Bundle needed perl modules with pfw. Nothing would be installed using ports and in reality it would be the same as installing a module using ports, or what's the guarantee that the developer would update the module faster than the port maintainer if there's need for an update.
• Rewrite needed functionality from scratch. And in the process likely recreating the problems that's solved in PHP, perl web-session modules or other web development languages/frameworks.

It might be possible to find a workaround and build a web-gui to pf using perl only done in a really simple and clever way. My knowledge of perl is not good enough to figure that out so if you feel inclined to do that then please go ahead. The community would only benefit from having options when choosing their firewall type and ways to manage them.

Can pfw be installed on a flash disk?

Most likely, you need a minimal OpenBSD installation, Apache, PHP and a small set of utilities to make it work. At the moment, there are no plans for creating a ready to install flash installation. There are a few such firewalls already and the target for pfw is for larger installation where logging is required, something that simply is not practical with flash.