OpenBSD

Overview

OpenBSD is a free, open source Unix-like operating system derived from BSD (Berkeley Software Distribution). With its security, simplicity and code correctness as its core design concept, it is widely used in servers, network equipment, firewalls and security-sensitive environments. OpenBSD is maintained by the OpenBSD project led by Theo de Raadt and provides a complete operating system, including kernel, user space tools and documentation. It supports multiple architectures (x86_64, ARM64, RISC-V, PowerPC, etc.) and is famous for its PF firewall (Packet Filter), syspatch (security patch) and strict code audit. OpenBSD drives global critical infrastructure such as banking systems, VPNs and CDNs (such as some services of Cloudflare).

History and Development

• Origin:
  • OpenBSD originated in 1995 and was created by Theo de Raadt from the NetBSD branch. It became independent due to differences in development philosophy (focusing on security and free license).
  • OpenBSD 2.0 was released in 1996, introducing PF firewall and OpenSSH (now a global standard).
• Development history:
  • 1996-2000: OpenBSD 2.x series laid the foundation for security, released OpenSSH, and strengthened code auditing.
  • 2003-2010: OpenBSD 3.3 introduced W^X (memory protection), 4.0 supported SMP (multi-core processing), and was adopted by CDN and banks.
  • 2015-2020: OpenBSD 5.7 introduced syspatch, 6.0 supported ARM64, enhanced PF and OpenSMTPD.
  • 2021-2025: OpenBSD 7.7 (May 2025) optimizes RISC-V, Wi-Fi and Rust support, and continues to strengthen security.
  • X post says "PF and OpenSSH in OpenBSD 7.7 make the server rock solid".
• Community and Support:
  • Maintained by the OpenBSD project and community, hosted on openbsd.org and GitHub.
  • Provides a detailed OpenBSD FAQ (www.openbsd.org/faq), mailing lists and X community.
  • 6-month release cycle (each version is supported for 1 year, 7.7 until May 2026).
• Open Source License:
  • Adopts BSD license (2-Clause and 3-Clause), allowing free use, modification and distribution without mandatory open source derivative works.

Main Features

OpenBSD is known for its security, simplicity and reliability, suitable for security-sensitive environments. The following are its main features:

1. Security
   • Code audit:
     • Every line of code is strictly audited to reduce vulnerabilities.
     • W^X (write or execute), ASLR (address space randomization) and stack protection are enabled by default.
   • syspatch:
     • Automatically apply security patches:
   • OpenSSH:
     • Default integration, the world's most secure SSH implementation.
2. PF Firewall
   • Function:
     • High-performance Packet Filter, better than FreeBSD's PF.
     • Support NAT, traffic shaping and DDoS protection.
3. Package Management and Ports
   • Pkg System:
     • Provides 10,000+ pre-compiled packages, similar to FreeBSD's Pkg.
   • Ports System:
     • Compile software from source code, flexible customization.
4. Desktop and Server Support
   • Desktop Environment:
     • Supports XFCE (default lightweight), GNOME, KDE Plasma, etc., which need to be manually configured.
   • Server:
     • No GUI by default, suitable for running Apache, Nginx.
     • Support VMM (virtual machine manager), similar to FreeBSD's Bhyve.
5. Simplicity and documentation
   • Simple design:
     • Minimal default installation, only necessary components included.
     • X post said "OpenBSD's simplicity allows people to focus on core tasks."
   • Documentation:
     • OpenBSD FAQ and man pages provide detailed guidance (refer to www.openbsd.org/faq).

Advantages and limitations

Advantages

• Security:
  • Strict auditing, W^X and syspatch make OpenBSD one of the most secure operating systems.
  • X post said "OpenBSD is the first choice for security-sensitive projects."
• PF firewall:
  • High performance and flexibility, better than Linux's iptables and FreeBSD's PF.
• BSD License:
  • More relaxed than GPL, suitable for commercial and open source projects.
• Simplicity:
  • Minimized design, reduced attack surface, suitable for firewalls and servers.
• OpenSSH:
  • Default integration, driving global SSH connections.

Limitations

• Learning curve:
  • OpenBSD configuration (such as PF, Ports) is more complicated than Linux, and you need to be familiar with BSD commands.
• Software ecosystem:
  • The number of packages is less than FreeBSD (10,000 vs 30,000), and the latest software may lag behind.
• Hardware compatibility:
  • Driver support is limited, Wi-Fi and GPU need to be configured manually.
• Community size:
  • Smaller than Ubuntu and FreeBSD, with fewer resources.
  • Solution: Combine OpenBSD FAQ and X tutorial.

Summary

OpenBSD is a free, open source Unix-like operating system that features security, PF firewall, OpenSSH, and BSD license, suitable for firewalls, servers, and security-sensitive environments. It provides simple system design and strict code auditing, driving critical infrastructure such as banks and CDNs. OpenBSD is more suitable for server deployments that pursue extreme security.