Linux vs OpenBSD as a router

Paul Mooring drpppr242 at gmail.com
Tue Oct 20 08:08:18 MST 2009


I'm not sure I'd want to go this way, because I'd mostly switch just to
learn pf/bsd, but in your opinion is there a big advantage beyond ease
of use to using a ready-made router distro as opposed to setting up your
own?  I've tried Debian with arno-tables and ipcop and both times the
large number of iptables rules created by a rather simple setup seemed
to make it nearly impossible to troubleshoot firewall issues (in the
case of arno ~250 lines in iptables-save as opposed to ~30 when I did it
by hand).  I'm not sure I'm really convinced that the added complexity
in the rules really adds any security over a simple custom
configuration.

-----Original Message-----
From: Benjamin Francom <bfrancom at gmail.com>
Reply-to: Main PLUG discussion list <plug-discuss at lists.plug.phoenix.az.us>
To: Main PLUG discussion list <plug-discuss at lists.plug.phoenix.az.us>
Subject: Re: Linux vs OpenBSD as a router
Date: Mon, 19 Oct 2009 17:15:36 -0700

On Mon, Oct 19, 2009 at 4:12 PM, Eric Cope <eric.cope at gmail.com> wrote:

        I use freebsd, openvpn, pf. OpenVPN is the same (different
        locations). PF is pretty easy to use imo.
        
        Eric
        
        
        On Mon, Oct 19, 2009 at 3:10 PM, Nathan England
        <nathan at paysonlinux.org> wrote:
        
                
                On Monday 19 October 2009 14:46:54 Paul Mooring wrote:
                > I've been running linux routers using iproute2 and iptables for a while
                > now, and openBSD just had a new release which has me considering
                > switching my home setup to a BSD pf solution.  Does anyone have any
                > experience comparing the two?  I guess I'm also concerned about other
                > software I use on my linux router not being supported in openBSD
                > (OpenVPN, OpenSwan, and Quagga primarily).
                >
                
                
                
                While one system may have strengths or weaknesses and one
                may be more secure than the other, no system will ever be
                more secure than the one you know.  Don't pick a system you
                know nothing about and use software you are not familiar
                with and expect it to be a safer solution than the one you
                are familiar with and know how to use.
                
                Then again, the most inexperienced user on the planet who
                couldn't find his way home if standing in front of his house
                could still manage to install Ubuntu and be more secure than
                Windows... ha ha!


I've used IPcop, smoothwall, m0n0wall, PF, and Cisco.  I tried pfsense,
a long time ago in its early stages, and it didn't quite work as I
wanted.  I prefer pf on FreeBSD with Squid/SquidGuard.  PF was ported
from OpenBSD to FreeBSD in 2003.  Some links for reading:

http://en.wikipedia.org/wiki/PF_%28firewall%29
http://www.oreillynet.com/pub/a/sysadmin/2007/02/15/evaluating_firewalls.html
http://onlamp.com/bsd/2006/02/16/os_fingerprint_filtering.html
http://www.openbsd.org/faq/pf
