[ale] Linux versus OpenBSD for enterprise firewalls

John Wells jb at sourceillustrated.com
Thu Nov 10 08:48:40 EST 2005


Michael H. Warfield said:
> 	You would probably do well, either way.  Which are you more comfortable
> with in administering?

Well, I've built a few iptables walls here and there...never pf, but I'm
willing to learn. I don't want to pass on a tool just because I don't
necessarily understand its syntax yet. If it's a better tool for the job,
my team and I are willing to learn.

I don't think it's as simple a question as "which are you more comfortable
with?". From just a light reading of different features available, it
would seem that OpenBSD is a more feature-rich solution. I'm no expert,
but this is how I'm reading it so far.

For example, you can easily(?) implement stateful, redundant firewall
clusters on OpenBSD using CARP and pfsync. OpenBSD provides ISN
randomization. Many others mentioned.

It's this sort of feature discrepancy I'm interested in.

Thanks,
John






