OPNsense Forum

English Forums => General Discussion => Topic started by: macafee on April 06, 2023, 03:19:55 am

Title: A fork of opnsense?
Post by: macafee on April 06, 2023, 03:19:55 am
I found the DynFi Firewall.
https://dynfi.com/en/dynfi-firewall/
A fork of opnsense?
Title: Re: A fork of opnsense?
Post by: tong2x on April 06, 2023, 07:52:06 am
looks similar...
Title: Re: A fork of opnsense?
Post by: Patrick M. Hausen on April 06, 2023, 08:08:51 am
Clearly is:

https://github.com/DynFi
Title: Re: A fork of opnsense?
Post by: Supermule on April 06, 2023, 08:53:17 am
ToDoo becomes DynFi and continues its development

ToDoo actively supports the creation of the pfSense software fork: OPNsense®, we were one of the first partners of the project in 2015.

In 2017 ToDoo started developing “DynFi® Manager” software, the first centralized management solution for open source firewalls, compatible with pfSense and OPNsense firewalls. DynFi believes that pfSense and OPNsense software should have a centralized management solution. That is why we have invested so much time, energy and money in developing this software.

We believe that with DynFi® Manager software, we have met a major challenge that neither player had the time or willingness to take on: enabling centralized firewall management in an efficient and seamless manner.

In 2019 the company decided to create a fork of the OPNsense software named “Dynfi Firewall”, 100% based on a compilation of the sources and the FreeBSD kernel.

In 2020 the company ToDoo changes its name to DynFi and continues its development in France and Europe.
The DynFi brand is now a worldwide brand.

We continue to be very involved in the community of open source firewall users. Our CEO Grégory BERNARD regularly participates in international cybersecurity conferences as a speaker, notably in 2019 for the Paris Open Source Summit 2019, and in 2021 for Open Source Experience.

DynFi is dedicated to helping enterprises get the most out of their firewalls.

Title: Re: A fork of opnsense?
Post by: chemlud on April 06, 2023, 09:28:18 am
...not a single real name on the web page

https://dynfi.com/en/you-and-us/legal-infos/

Is it a shell company of the French secret service? :-D
Title: Re: A fork of opnsense?
Post by: Patrick M. Hausen on April 06, 2023, 09:40:25 am
Also I could not find any pointer to the source repository on the website.
Title: Re: A fork of opnsense?
Post by: mimugmail on April 06, 2023, 10:00:03 am
It's a real company with real people just backporting OPNsense commits to its own fork, telling the government it's a French firewall ;)
Title: Re: A fork of opnsense?
Post by: chemlud on April 06, 2023, 10:32:49 am
> It's a real company with real people just backporting OPNsense commits to its own fork, telling the government it's a French firewall ;)

Shady at best, if nobody is willing to give his name for a project like this....
Title: Re: A fork of opnsense?
Post by: franco on April 06, 2023, 09:15:21 pm
One thing of note here is that Greg was active in the forum in the early days. I think you can find the discussion about him wanting a firewall API (or complaining about lack of it), but unwilling to fund it directly but rather through workforce hired by him. This was (and still is) problematic for simple code review and audit reasons since the changes are possibly huge and a design document was also not being proposed at that time.

About the fork, if you can call a periodic full update of an older version discontinued by us that, what struck us as odd was the bold behaviour to base their releases on our business release branches that we open-sourced in order for people to look at the contents, but we have since decided to discontinue these branches for that single fact alone.

If you look at the commits you see that plugins were thrown into the core and the plugin repository itself scrapped creating a full UTM type software that is "easier to maintain". And if you take another look at the commits you see that operational issues and fixes are not being worked on as a steady stream of updates that make up most of your stable updates. For some reason it's enough to do a new version once or twice in a year and all users are happy.

Disclaimer: I'm not complaining. It is what it is. ;)


Cheers,
Franco
Title: Re: A fork of opnsense?
Post by: Supermule on April 07, 2023, 11:52:19 am
> One thing of note here is that Greg was active in the forum in the early days. I think you can find the discussion about him wanting a firewall API (or complaining about lack of it), but unwilling to fund it directly but rather through workforce hired by him. This was (and still is) problematic for simple code review and audit reasons since the changes are possibly huge and a design document was also not being proposed at that time.
>
> About the fork, if you can call a periodic full update of an older version discontinued by us that, what struck us as odd was the bold behaviour to base their releases on our business release branches that we open-sourced in order for people to look at the contents, but we have since decided to discontinue these branches for that single fact alone.
>
> If you look at the commits you see that plugins were thrown into the core and the plugin repository itself scrapped creating a full UTM type software that is "easier to maintain". And if you take another look at the commits you see that operational issues and fixes are not being worked on as a steady stream of updates that make up most of your stable updates. For some reason it's enough to do a new version once or twice in a year and all users are happy.
>
> Disclaimer: I'm not complaining. It is what it is. ;)
>
> Cheers,
> Franco

It's like an LTSC in Microsoft terms. Long Term Service Channel is the Enterprise branch of the updates users get and the troubles they have with them.

They are then merged into the service channel on big commits every 6 mths making sure everything is running great and stable for production environments.

They have a huge testing community aka us... and then take the best parts and merge them in their own releases.

Clever way of doing business.
Title: Re: A fork of opnsense?
Post by: bob@afrinet.eu on April 12, 2023, 02:27:44 pm
Hello to all,

I would like to clarify a couple of things in this thread.

A couple of clarifications here:

Brief history facts

ToDoo (now DynFi) was one of the leading distributors of pfSense in France from 2008 until 2014, back when OPNsense didn't exist. So we share some common roots with OPNsense.

DynFi was a key company behind the disclosure of the OPNsense.com scam organized by Netgate owners. Thanks to our deep knowledge of DNS (we maintain primary DNS for a country) and our specialized brand lawyer and WIPO, we have helped Deciso release the "Domain by Proxy" lock and recover this domain name. This was a huge victory for OPNsense team. We got 2 lines of credits in an obscure post at the time.

In 2015 / 2016 while we were early partners (and sponsors) of the project, we came and visited Deciso's team to discuss our will to develop a "Central Management solution" which didn't exist at the time and we were coldly welcomed with a "we do not want any partner to develop this". Fair enough, but at the time and for the next four years and to a certain extent until now, there is no On Premise Central Management solution besides our own DynFi Manager.

Considering this will not to share anything with any partner as far as development is concerned, which choices were we left with?


Development of DynFi Manager

So back in 2017 what could have been a nice team work, clearly became the end of a partnership.

We drew the consequences of the rejection of cooperation on the Manager part and started the development of our DynFi Manager. The first version was officially launched in 2018.

There have been more than 60 releases and patches since we first launched the DynFi Manager in 2018.


Development of DynFi Firewall

We started developing the DynFi Firewall back in 2019 because we thought it could be interesting to have a distinct platform with no HardenedBSD in it, but rather directly based on the FBSD kernel. Turns out we were right because a few months after we started our own fork, OPNsense shifted back to the FreeBSD kernel.

I must add that we have our own distinct compilation platform and that we did some upstream of OPNsense code in the beginning (but didn't Deciso do the exact same thing with pfSense back in 2015?), the more we move forward the less upstream we do. Unfortunately we didn't have the chance to have GonzoPancho screaming on the whole internet so social marketing for our distro is still discreet at this stage…

I won't discuss future plans of our distro on the OPNsense forum, this seems like not the exact right place to do that ;-) but there clearly will be some very interesting stuff offered that will move us on our own trajectory…


Who is DynFi?

No, we are not an obscure agency of the French government, but a Paris-based company created back in 2001.


Hope this post helps understand who we are and where we come from.
Title: Re: A fork of opnsense?
Post by: Dimi3 on April 12, 2023, 04:43:41 pm
Usually I don’t comment on such topics, but the world really doesn’t need another pfsense:opnsense war, there are enough wars already.

Main curse of open source is that it's open. And when money starts to talk it becomes closed, and hard to steer without common sense (pfsense example)..

Software quality would be light years better, if we wouldn’t have 1000 Linux distros, with all those developers working on same SW base with XY desktop manager, because they don’t like what the first distro uses...but at the end it gives us variety and possibility to choose.

Just my 2c.
Title: Re: A fork of opnsense?
Post by: franco on April 12, 2023, 09:24:42 pm
> [...] and to a certain extent until now, there is no On Premise Central Management solution besides our own DynFi Manager.

As I said I don't mind but this remark is manipulative, because there is and you can't decide for others. And I don't want this to be a base for your advertising also.

For reference: https://docs.opnsense.org/vendor/deciso/opncentral.html

> Turns out we were right because a few months after we started our own fork, OPNsense shifted back to the FreeBSD kernel.

I just see the same idea in two places because the issues with HardenedBSD were visible since this is open source. ;) Making it a marketing strategy by implying you were right and we followed is questionable...

> Unfortunately we didn't have the chance to have GonzoPancho screaming on the whole internet so social marketing for our distro is still discreet at this stage…

Because that was the nicest time of our lives, huh? I really don't know what the point of this is other than marketing.

> but there clearly will be some very interesting stuff offered that will move us on our own trajectory…

Yay, marketing and link drop :)

For me personally looking at https://github.com/DynFi/opnsense-core/commits/master is all I need to know and we can skip this advertising. Thanks!


Cheers,
Franco