I'm not sure I'd want to go this way, because I'd mostly switch just to
learn pf/bsd, but in your opinion is there a big advantage beyond ease
of use to using a ready-made router distro as opposed to setting up your
own? I've tried Debian with arno-tables and ipcop and both times the
large number of iptables rules created by a rather simple setup seemed
to make it nearly impossible to troubleshoot firewall issues (in the
case of arno ~250 lines in iptables-save as opposed to ~30 when I did it
by hand). I'm not sure I'm really convinced that the added complexity
in the rules really adds any security over a simple custom
configuration.
-----Original Message-----
From: Benjamin Francom <bfrancom@gmail.com>
Reply-to: Main PLUG discussion list <plug-discuss@lists.plug.phoenix.az.us>
To: Main PLUG discussion list <plug-discuss@lists.plug.phoenix.az.us>
Subject: Re: Linux vs OpenBSD as a router
Date: Mon, 19 Oct 2009 17:15:36 -0700
On Mon, Oct 19, 2009 at 4:12 PM, Eric Cope <eric.cope@gmail.com> wrote:
I use freebsd, openvpn, pf. OpenVPN is the same (different
locations). PF is pretty easy to use imo.
Eric
On Mon, Oct 19, 2009 at 3:10 PM, Nathan England <nathan@paysonlinux.org> wrote:
On Monday 19 October 2009 14:46:54 Paul Mooring wrote:
> I've been running Linux routers using iproute2 and iptables for a while
> now, and OpenBSD just had a new release which has me considering
> switching my home setup to a BSD pf solution. Does anyone have any
> experience comparing the two? I guess I'm also concerned about other
> software I use on my Linux router not being supported in OpenBSD
> (OpenVPN, OpenSwan, and Quagga primarily).
>
While one system may have strengths or weaknesses and one may be more secure
than the other, no system will ever be more secure than the one you know.
Don't pick a system you know nothing about and use software you are not
familiar with and expect it to be a safer solution than the one you are
familiar with and know how to use.
Then again, the most inexperienced user on the planet who couldn't find his
way home if standing in front of his house could still manage to install
Ubuntu and be more secure than Windows... ha ha!
I've used IPcop, smoothwall, m0n0wall, PF, and Cisco. I tried pfsense,
a long time ago in its early stages, and it didn't quite work as I
wanted. I prefer pf on FreeBSD with Squid/SquidGuard. PF was ported
from OpenBSD to FreeBSD in 2003. Some links for reading:
http://en.wikipedia.org/wiki/PF_%28firewall%29
http://www.oreillynet.com/pub/a/sysadmin/2007/02/15/evaluating_firewalls.html
http://onlamp.com/bsd/2006/02/16/os_fingerprint_filtering.html
http://www.openbsd.org/faq/pf
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss