 From:  Peter Curran <peter at closeconsultants dot com>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] any plans on switching to pf?
 Date:  Wed, 10 Nov 2004 11:16:05 +0000

> Well, I've got the impression that FreeBSD is less picky about
> hardware (I've had machines that wouldn't boot an OpenBSD kernel
> properly but didn't have any problems with FreeBSD), which seems to
> be an important point with people running m0n0wall on all kinds of
> junk PCs. My last performance benchmarks are already several months
> old, but at least back then, FreeBSD was considerably faster
> (measured network throughput). And I'm sorry, but reading some of the
> messages from OpenBSD's founder didn't make me feel like switching.
> Then again, the story involves the founder of ipfilter as well...
> Please tell me never to touch a keyboard again if I ever end up like
> that.

Well there is no doubt that OpenBSD is slower than FreeBSD.  There was quite a 
lot of discussion about this earlier in the year - it really is a security v. 
performance compromise, although there have been some speedups inserted into 

I think it is important to differentiate between performance as a router, 
versus performance as a firewall.  I can't find the item in my archive, but 
the indications are that pf is a lot faster than ipf and that this probably 
makes up some of the lost ground.

I personally have not had a problem running OpenBSD on old junk PCs, but I 
note from the release notes in both 3.5 and 3.6 that a lot more oddball 
chipsets are now supported than previously.

As for Theo - well I have to agree that the guy is a looney :-)
It is aggravating that this means slow progress in integrating some new 
features (VRRP, NAT-T, etc) until the OpenBSD team come up with their own 
unencumbered solution.  But, these features don't exist in FreeBSD anyway!

> > I have no experience at all of using pf on FreeBSD, so I do not
> > know if the  same level of integration and functionality achieved
> > on OpenBSD is available  under FreeBSD 5.3, but my experience of
> > using it on OpenBSD leaves me in no  doubt at all of which firewall
> > is the best (and it isn't ipf).
> Yeah, agreed, pf really makes a cleaner impression. However, I'm not
> convinced the integration into FreeBSD is good enough yet. pf should
> be run under OpenBSD, which it was designed for, but the concerns
> listed above prevent switching m0n0wall to OpenBSD.

Points taken - for what it's worth I think you are right and that the focus 
should be on FreeBSD 5.3 and ipf. Let's see how pfsense pans out before 
opening the can of worms that is pf on FreeBSD.


Peter Curran				  Leveraging Internet Technology
Close Consultants			       for Businesses
p: +44-1225-463700			 
f: +44-1225-463705			  
e: peter at closeconsultants dot com		  
sip: peter at closeconsultants dot com 
