No subject
Sun Mar 29 18:49:28 MST 2009
On Tue, Oct 20, 2009 at 8:08 AM, Paul Mooring <drpppr242 at gmail.com> wrote:

> I'm not sure I'd want to go this way, because I'd mostly switch just to
> learn pf/bsd, but in your opinion is there a big advantage beyond ease of
> use to using a ready-made router distro as opposed to setting up your own?
> I've tried Debian with arno-tables and ipcop and both times the large
> number of iptables rules created by a rather simple setup seemed to make
> it nearly impossible to troubleshoot firewall issues (in the case of arno
> ~250 lines in iptables-save as opposed to ~30 when I did it by hand).
> I'm not sure I'm really convinced that the added complexity in the rules
> really adds any security over a simple custom configuration.

Initially, I switched just to learn it as well. The biggest benefit is that
you can control the other services you want installed, along with custom
compile options. You also have the ability to create custom kernels (ALTQ is
only available by compiling support for it into the FreeBSD kernel). In an
enterprise environment, you may want redundancy with pfsync/CARP (think
Cisco's HSRP).

From what I can tell, pfsense has nearly everything I need now, but didn't
when I initially checked into it several years ago.
More information about the PLUG-discuss mailing list