6.4 Updated!

November 12, 2018, proudly hosted by ARP Networks. Follow me on Twitter.


Forked from NetBSD. Theo de Raadt is the founder and leader of the OpenBSD project. The first OpenBSD release 1.1/CVS appear on October 18, 1995.

Why use OpenBSD

OpenBSD innovations

Software and ideas developed or maintained by the OpenBSD project: http://www.openbsd.org/innovations.html

OpenBSD manual pages (web)


OpenBSD Version numbers

  • Biannual release cycle
  • New release is incremented by 0.1

OpenBSD's Flavors

  • -release, shipped every six months
  • -stable, release, plus patches (support for 6.3 & 6.4)
  • -current, development branch


Really simple, ready in 5 minutes (KISS).
A response file is emailed to the root user on next boot.

Get more information: http://www.openbsd.org/faq/faq4.html


Use autoinstall(8) or you can try upobsd package for a full unattended install/upgrade process.

Networking (Files)

/etc/myname Default hostname
/etc/mygate Default gateway
/etc/hosts Known hosts on the network
/etc/resolv.conf Resolver (DNS)
/etc/hostname.if Configuration for each network interface, for example: /etc/hostname.bge0

Read the manual: myname(5), hostname.if(5), resolv.conf(5), hosts(5)


# Display the current configuration of network interfaces:

# Set DHCP for 're0' interface, on the fly:
/sbin/dhclient re0

# Perform network (re)initialisation:
/bin/sh /etc/netstart

Networking (Routing)

# Show the routing table (ipv4):
/sbin/route -n show -inet

# Show the routing table (ipv6):
/sbin/route -n show -inet6

# Delete all gateway entries from the routing table:
/sbin/route -n flush

Networking (set at startup)

Example 1: configure static IP address for re0

## file: /etc/hostname.re0

Read the manual: hostname.if(5)

Don't forget to run sh /etc/netstart re0 to apply changes to running system.

Networking (set at startup)

Example 2: configure DHCP for bge0

## file: /etc/hostname.bge0

Read the manual: hostname.if(5)

Don't forget to run sh /etc/netstart bge0 to apply changes to running system.

Networking (set at startup)

Example 3: configure wireless

# First, see a list of available wireless networks: 
/sbin/ifconfig iwn0 scan
## Configure 'iwn0' using the file: /etc/hostname.iwn0

## Or, for multiple access points:

Read the manual: hostname.if(5)

Don't forget to run sh /etc/netstart iwn0 to apply changes to running system.

PF (Packet Filter)

Ruleset: /etc/pf.conf

Useful commands

# Disable PF:
/sbin/pfctl -d

# Enable PF and load the rules:
/sbin/pfctl -ef /etc/pf.conf

# Just load the rules (apply changes):
/sbin/pfctl -f /etc/pf.conf

# View the loaded rules:
/sbin/pfctl -s rules

Read the manual: pfctl(8)

PF ruleset sample

## file: /etc/pf.conf
# Protect a laptop (allow only ping/ssh from anywhere)
set skip on lo
set fingerprints "/dev/null"
block log all
pass in on egress inet proto icmp all icmp-type echoreq
pass in on egress inet proto tcp from any to any port ssh
pass out

Read the manual: pf.conf(5)

Debug PF with tcpdump

/usr/sbin/tcpdump -nettti pflog0

Read the manual: tcpdump(8)

PF User's Guide


Manage users

# Manually
/usr/sbin/user [add|del|info|mod] foobar

# Add users interactively

# Remove users interactively

Read the manual: adduser(8)

Manage Groups

File: /etc/group

/usr/sbin/group [add|del|info|mod] foobar

Members in wheel group can use su(1) to become root.

Read the manual: group(8), group(5)

sudo replaced with doas(1)

## file: /etc/doas.conf
# Permit the user 'Marc' to reboot the box
permit nopass marc as root cmd /sbin/reboot

# Marc can now reboot the box:
$ /usr/bin/doas reboot

Read the manual: doas(1), doas.conf(5)

Try doas mastery website

Install Packages

# Method 1: using the PKG_PATH environment variable
export PKG_PATH=http://cdn.openbsd.org/pub/OpenBSD/%c/packages/%a

## Method 2: use the file /etc/installurl with the following contain:

# For example, you can add Package Manager:
/usr/sbin/pkg_add pkg_mgr

Some packages provide configuration and other information in the directory /usr/local/share/doc/pkg-readmes. Read the manual: pkg_add(1), installurl(5)


# List packages installed:

# Show the files within each package
/usr/sbin/pkg_info -L foobar

# View install-message for a specific package:
/usr/sbin/pkg_info -M foobar

Read the manual: pkg_info(1), packages(7)

Packages (continued)

# Delete a Package:
/usr/sbin/pkg_delete foobar

# Delete unused dependencies:
/usr/sbin/pkg_delete -a

# Delete all except 'nginx':
/usr/sbin/pkg_delete -X nginx

Read the manual: pkg_delete(1), packages(7)

Install non-free firmware packages


Firmware is downloaded from release-specific directories at: http://firmware.openbsd.org/firmware/

Read the manual: fw_update(1)

Manage daemons, services

File: /etc/rc.conf.local

/usr/sbin/rcctl [enable|disable|start|stop|reload|restart] foobar

# For example, to start the apmd(8) daemon for CPU scaling, you might do:
/usr/sbin/rcctl enable apmd
/usr/sbin/rcctl set apmd flags -A
/usr/sbin/rcctl start apmd

# For example, tune ntpd(8) to try to set the time immediately at startup:
/usr/sbin/rcctl enable ntpd
/usr/sbin/rcctl set ntpd flags -s
/usr/sbin/rcctl restart ntpd

Read the manual: rcctl(8)

Run a script at startup

File: /etc/rc.local

Read the manual: rc.local(8)

Update OpenBSD (-stable)

Any security or reliability fixes can be found at:

Errata patches are generated for the 2 last releases (6.3, 6.4).

Update OpenBSD (-stable), the tools

Use syspatch(8) to update your kernel and userland, available for the last 2 release.

You can also use the openup tool from M:tier to update packages and the base system.

Upgrade OpenBSD

To upgrade 6.2 to 6.4, you need to follow instructions:


OpenBSD Filesystem

The most important

/ Root directory
/home User home directories
/root Default home directory for the superuser
/mnt A temporary mount point

OpenBSD Filesystem (continued)

/etc System configuration files and scripts
/etc/examples Example configuration files for base system daemons
/etc/skel (dot) files for new accounts
/etc/signify Key files used for signify(1)

OpenBSD Filesystem (continued)

/tmp Cleaned after a reboot
/var/tmp Symbolic link to the system /tmp
/var/log Log files
/var/run pid, socket files, utmp, dmesg.boot

OpenBSD Filesystem (continued)

/var/db Database files
/var/www Configuration files for httpd(8)
/var/www/htdocs Web repository for httpd(8)
/usr/local Used for third packages installed
/usr/src BSD and/or local source files

Read the manual: hier(7)

OpenBSD Kernels

Pure kernel executable (the operating system loaded into memory at boot-time).

OpenBSD Kernels (continued)

Pure kernel executable, a resume from hibernation (handled by the bootloader).

OpenBSD Kernels

Old kernel, next boot it will use the new kernel /bsd (kernel relinking).

OpenBSD Kernels (continued)

Pure kernel executable for single processor.

OpenBSD Kernels (continued)

Pure kernel executable for multiprocessor machines.

OpenBSD Kernels (continued)

Installation kernel. The built-in RAM disk contains utilities which can be run without an external file system, so this kernel is useful for limited system maintenance too.

Tune the system

sysctl(8) get or set kernel state
config(8) modify a kernel

Setting laptop hibernation (sysctl)

  • machdep.lidaction=0 # do nothing
  • machdep.lidaction=1 # suspend
  • machdep.lidaction=2 # hibernate


pkg_check -F Check the filesystem for random objects
dmesg -s Review rc(8) system startup messages
ldd foobar List dynamic object dependencies
df -h See disk usage
top -s .1 Check load (cpu/mem)

Read the manual: pkg_check(8), dmesg(8), ldd(1), ldd.so(1), df(1), top(1)

Some useful packages

screenfetch Display system information in the terminal
w3m Text-based web browser
pstree List processes as a tree
tmate Share your terminal on the web without open any ports
testdisk Scan and repair disk partitions

Presentations & Papers


Need more help

FAQ: http://www.openbsd.org/faq/
Manual page: afterboot(8)
IRC Channel: #openbsd
Mailing list: misc@

Supporting OpenBSD


OpenBSD Foundation

OpenBSD Store

** Bonus

Join us on Telegram!

** Gift!

Visit our HowTo section!

Thank you.

Feedback: contact@