[wellylug] OpenBSD firewalls (was 'Broadband')

Edmund A. Hintz ed at hintz.org
Thu Aug 12 14:34:27 NZST 2004


On Thu, Aug 12, 2004, David Antliff thus spake:

>From my own experience, OpenBSD was the first firewall I had the honour of
>managing (unless you count a Novell Border Gateway server some years ago)
>and therefore I tend to lean towards it as 'familiar territory'.
>Practically speaking, I had issues with Linux firewalls and older
>hardware, whereas OpenBSD never seems to have a problem (you may say I got
>lucky most likely). It has no problems autodetecting my old ISA network
>cards, but I've had issues with 'packaged' Linux firewalls (like
>smoothwall) and getting the right modules to work. More effort was
>required than I was prepared to give at the time.


My experience as well. I find that OBSD is easier to wrap my wee
insignificant brain around, and deals with generic HW quite well (I've
had many instances where LinuxFlavorOfTheDay didn't like some bit of HW
while OBSD happily accepted it). Mind you, I'm not saying Linux wouldn't
do it, just that I had to jump through more hoops/lkms/etc (and this
annoyed me). One place where OBSD tends to fall down though is exotic HW
(for instance, my el cheapo DSE ADSL router with USB interface, for which
only binary Linux drivers are available). It's also generally behind on
desktoppy things (like sound doodads, pretty GUIs). Having support for a
large amount of stuff in the generic kernel is something I find
convenient, and the performance hit isn't too big of a deal for me.

Also, I'd agree that I find the PF (and IPF for that matter) syntax
easier than iptables. But like David it's also because I have a long
history with the OS, so there's a certain level of familiarity at play
here as well.

Regards,

Ed Hintz
ed at hintz.org



