I'm not sure I'd want to go this way, because I'd mostly switch just to learn pf/bsd, but in your opinion is there a big advantage beyond ease of use to using a ready-made router distro as opposed to setting up your own? I've tried Debian with arno-tables and ipcop and both times the large number of iptables rules created by a rather simple setup seemed to make it nearly impossible to troubleshoot firewall issues (in the case of arno ~250 lines in iptables-save as opposed to ~30 when I did it by hand). I'm not sure I'm really convinced that the added complexity in the rules really adds any security over a simple custom configuration.
-----Original Message-----
From: Benjamin Francom <bfrancom@gmail.com>
Reply-to: Main PLUG discussion list <plug-discuss@lists.plug.phoenix.az.us>
To: Main PLUG discussion list <plug-discuss@lists.plug.phoenix.az.us>
Subject: Re: Linux vs OpenBSD as a router
Date: Mon, 19 Oct 2009 17:15:36 -0700
On Mon, Oct 19, 2009 at 4:12 PM, Eric Cope <eric.cope@gmail.com> wrote:
I use freebsd, openvpn, pf. OpenVPN is the same (different locations). PF is pretty easy to use imo.
Eric
On Mon, Oct 19, 2009 at 3:10 PM, Nathan England <nathan@paysonlinux.org> wrote:
On Monday 19 October 2009 14:46:54 Paul Mooring wrote:
> I've been running Linux routers using iproute2 and iptables for a while
> now, and OpenBSD just had a new release which has me considering
> switching my home setup to a BSD pf solution. Does anyone have any
> experience comparing the two? I guess I'm also concerned about other
> software I use on my Linux router not being supported in OpenBSD
> (OpenVPN, OpenSwan, and Quagga primarily).
>
While one system may have strengths or weaknesses and one may be more secure
than the other, no system will ever be more secure than the one you know.
Don't pick a system you know nothing about and use software you are not
familiar with and expect it to be a safer solution than the one you are
familiar with and know how to use.
Then again, the most inexperienced user on the planet who couldn't find his
way home if standing in front of his house could still manage to install
Ubuntu and be more secure than Windows... ha ha!
I've used IPcop, smoothwall, m0n0wall, PF, and Cisco. I tried pfsense, a long time ago in its early stages, and it didn't quite work as I wanted. I prefer pf on FreeBSD with Squid/SquidGuard. PF was ported from OpenBSD to FreeBSD in 2003. Some links for reading:
http://en.wikipedia.org/wiki/PF_%28firewall%29
http://www.oreillynet.com/pub/a/sysadmin/2007/02/15/evaluating_firewalls.html
http://onlamp.com/bsd/2006/02/16/os_fingerprint_filtering.html
http://www.openbsd.org/faq/pf