On Tue, Oct 20, 2009 at 8:08 AM, Paul Mooring <
drpppr242@gmail.com> wrote:
> I'm not sure I'd want to go this way, because I'd mostly switch just to
> learn pf/bsd, but in your opinion is there a big advantage beyond ease of
> use to using a ready made router distro as oppose to setting up your own?
> I've tried Debian with arno-tables and ipcop and both times the large number
> of iptables rules created by a rather simple set up seemed to make it nearly
> impossible to troubleshoot firewall issues (in the case of arno ~250 lines
> in iptables-save as oppose to ~30 when I did it by hand). I'm not sure I'm
> really convinced that the added complexity in the rules really adds any
> security over a simple custom configuration.
>
>
Initially, I switched just to learn it as well. The biggest benefit is that
you can control the other services you want installed, along with custom
compile options. You also have the ability to create custom kernels
(ALTQis only available by compiling support for it into the FreeBSD
kernel). In
an enterprise environment, you may want redundancy with pfsync/CARP (think
Cisco's HSRP).
From what I can tell, pfsense has nearly everything I need now, but didn't
when I initially checked into it several years ago.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)