OpenBSD drops firewall program in licensing dispute

When an Australian software developer tightened licensing restrictions on his firewall program last month, he set off a chain of events that has caused a big controversy among the open-source developers who work on the OpenBSD operating system.

For the past five years, OpenBSD, an offshoot of the open-source Berkeley Standard Distribution Unix that was first developed almost two decades ago at the University of California, Berkeley, has included a firewall application called IPFilter 3.4 that tracks all information packets traveling in and out of network servers running the operating system.

But last month, Darren Reed, the Australia-based author of IPFilter, clarified the licensing language for his program to ensure that anyone wanting to make changes to the software could only do so with his prior approval. On his e-mail listserve on the Internet, Reed wrote that IPFilter had always had a restrictive license and that was merely making that fact more clear.

But because OpenBSD can be freely modified by users under its open-source licensing policy, Reed's clarification created a conflict that will result in the removal of IPFilter from future versions of the operating system, according to Theo de Raadt, the Calgary, Alberta-based founder and project manager for OpenBSD.

"Darren has told us that IPFilter does not meet our licensing rules, so out of respect to him, we must delete his code," de Raadt said. "This is completely against the rules of source code in OpenBSD," he said of Reed's requirement to have prior approval rights on changes to the IPFilter code.

De Raadt said he asked Reed to change the license but was turned down. A new firewall will be selected or developed to replace IPFilter within OpenBSD, he added. The matter may not stop there: De Raadt said an audit conducted after the IPFilter matter came to his attention revealed licensing issues with about five other programs that are also now being addressed.

In an interview conducted by e-mail, Reed said he had never before enforced his license for IPFilter. But while the software's source code has always been freely available, "I have never considered IPFilter to be open-source,'' Reed said. "It existed before 'open source' became a popular term, and it would appear that people have placed it in that barrel."

Reed wrote that he soon "will take steps to clear this mess up," adding that the issue "has been blown way out of proportion."

Sean Crittenden, a software developer and one of the participants on Reed's listserve, said he has used IPFilter in the past and would like to use it again in the future. Crittenden called the program "a great piece of work," with speed and performance not seen in other firewalls that could be used within OpenBSD.

But, he added, Reed's licensing restrictions are out of line for the open-source development model. According to Crittenden, the IPFIlter listserve is now abuzz with comments from other developers who hadn't noticed that the firewall wasn't as open as they'd thought. "This is a huge revelation for a lot of people," he said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about OpenBSD

Show Comments