Chapter 18). Several popular application proxies run quite well on OpenBSD, but they are not part of OpenBSD. I've used Squid (/usr/ports/www/squid) quite easily to proxy the most common Internet applications and an assortment of other proxies to manage just about everything else.
A firewall is what you make it. You can send all your network traffic through a simple OpenBSD packet filter and honestly say you have a "firewall," or you can set up application proxies, authentication, and so on, and still say you have a "firewall." Remember this the next time someone says that they have a firewall.
To build an effective firewall, you absolutely must understand TCP/IP. If you don't understand as much TCP/IP as you'd like, allow me to recommend Stevens's TCP/IP Illustrated, volume 1 (Addison-Wesley). [1] While you can set up a basic firewall knowing only the basics of TCP/IP, you're going to find that debugging problems can be quite difficult.
Throughout this section, we're going to talk about using your OpenBSD system as a firewall. This assumes that you have two or more network cards, and you want to pass traffic between them. While this is a popular application for OpenBSD, everything discussed here works just as well to protect an OpenBSD machine sitting naked on the Internet. Don't be afraid to implement packet filtering on your web server!
[1] I also recommend volumes 2 and 3, but for different reasons.