Linux vs OpenBSD as a router

Benjamin Francom bfrancom at gmail.com
Tue Oct 20 12:36:21 MST 2009


On Tue, Oct 20, 2009 at 8:08 AM, Paul Mooring <drpppr242 at gmail.com> wrote:

>  I'm not sure I'd want to go this way, because I'd mostly switch just to
> learn pf/bsd, but in your opinion is there a big advantage beyond ease of
> use to using a ready-made router distro as opposed to setting up your own?
> I've tried Debian with arno-tables and ipcop and both times the large number
> of iptables rules created by a rather simple set up seemed to make it nearly
> impossible to troubleshoot firewall issues (in the case of arno ~250 lines
> in iptables-save as opposed to ~30 when I did it by hand).  I'm not sure I'm
> really convinced that the added complexity in the rules really adds any
> security over a simple custom configuration.
>
>
Initially, I switched just to learn it as well.  The biggest benefit is that
you can control the other services you want installed, along with custom
compile options.  You also have the ability to create custom kernels
(ALTQ is only available by compiling support for it into the FreeBSD
kernel).  In an enterprise environment, you may want redundancy with
pfsync/CARP (think Cisco's HSRP).


More information about the PLUG-discuss mailing list