BSD License????

[Warren Togami]

----- Original Message -----
From: "Dusty" <dusty at sandust.com>
To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
Sent: Thursday, September 06, 2001 1:36 PM
Subject: [luau] BSD License????


> Can software under the BSD license be forked into a GPL version?
Basically I am wondering if the firewall code that the OpenBSD guys are
developing "PF" could be ported over to Linux?
>

No.
The BSD license without the advertising clause is considered "GPL
compatible" and approved by OSI, but the copyright owner of the code must
relicense it under a different license in order to make a GPL release.

At one point someone was interested in porting IPFilter to Linux, and it was
working in late versions of Linux kernel 1.3 and early 2.0 back when Linux
firewall code was weak.  However, due to the licensing it could never be
incorporated (nor were the Linux developers interested in it), so the
developer doing the port eventually gave up.  Over time it became
imcompatible with Linux again, because the kernel is a constantly moving
target.

Now that Netfilter is superior in both features and flexibity to IPFilter
(aside from the butt ugly and confusing configuration syntax), even if IPF
were to suddenly become GPL licensed, Linux developers would have little
reason to duplicate effort in an IPFilter port.

This being said, there is a chance here:
OpenBSD developers have done an awesome job of duplicating the commercial
SSH into OpenSSH.  Their work was so good in fact, that all major Linux
distributions now include OpenSSH servers and clients.  In their new PF
project they will duplicate the functionality of IPFilter, but what stops
them from extending it and adding more powerful features that IPFilter
lacks?

And say this greatly improved BSD PF has all the powerful featuires of
Netfilter, but with the ease of configuration of IPFilter.  I'm sure the
Linux core developers may be interested.


> Hopefully PF will be as good as IPfilter.  IPfilter is on every *NIX
except Linux because the developer hates the GPL.
>

> Netfilter/IPtables is powerful, but so complex that it is almost unsable
in a simple enviorment, nevermind a complex enviorment with multiple
networks and special access to certain systems.  IPfilter is pretty simple
to use and very straightforward and PF is suposed to use the exact same
syntax.
>
>
> Dusty

Obligatory retort, copied from my other e-mail:
Most users of Netfilter/iptables use well tested and powerful scripts made
by teams of developers.  I personally like MonMotha's script because it is
simple to setup, and has all the features that I need.  A few times it
didn't have a feature that I needed (like Starcraft connection tracking) so
I wrote it, and the author will soon incorporate it as an option.  In the
mean time people can download my Starcraft add-on script from MPLUG.

Almost every week other developers send him new features in this fashion to
add to the script.  If they are "obviously correct" they are added to the
latest beta version.  Sometimes they cause subtle conflicts or problems, and
these are reported and fixed quickly.  When they go several weeks without
any complaints, then the resulting script is considered "stable" and posted
to the MonMotha mirrors (one is MPLUG).  This kind of process means that
people can use featureful and well tested scripts.

How is this different than other open source software?  It isn't.  In fact,
this is how open source development is supposed to work.

Does this mean Netfilter is unusable as you say?  Yes, if you try to
configure it yourself.  Otherwise, use the powerful and well tested scripts
for iptables and it works very well.