I agree totally with Frederick, although I don't know how feasible it
would be to move to OBSD. It seems to me like a natural fit between the
two - in general, Open tends to run better on older hardware and it's
already a very popular choice for firewall systems. (Before I went to
m0n0 + Soekris, I was running Open 3.4 on a Pentium 90, and it had no
problems with my 3mbit cable line.)
Plus, pf does both shaping/queuing and rules all in the same system, no
more "two pronged" attack like we have currently with ipfw/ipfilter.
Just my $0.02...
> -----Original Message-----
> From: Frederick Page [mailto:fpage at thebetteros dot oche dot de]
> Sent: Tuesday, March 29, 2005 5:01 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Why I left M0N0Wall
> Hello Chris,
> Chris Buechler wrote on 28 March 2005:
> >Actually he did help us uncover a legitimate problem with m0n0wall
> >b5+, in that it takes way more CPU than previous versions did.
> I only have a WRAP, that's something like Pentium-1, 266 MHz.
> AFAIR the initiator of the thread had a PC with a more potent
> CPU. However I have only 2 mBit SDSL, that's probably the
> reason why I cannot max-out my CPU with any version of m0n0.
> I also read Manuel's mail here about the issues of FBSD 5.x
> and his reluctance to jump onto this platform. As I
> understand it, the leap to FBSD 5.3 was a HUGE step, which
> caused much work. The current ipfw and ipfilter software
> might have to be replaced in the future as well, which
> probably is another HUGE step.
> Would it make any sense to consider e.g. OBSD 3.6 (which
> already has pf, CARP, etc.) as a possible alternate platform?
> The world's safest OS would make kind of sense on a router
> platform (from my point of view), let alone the enhanced
> security by e.g. pf's "scrub" feature, the enforced minimum TTL, etc.
> ftp://ftp.openbsd.org/pub/OpenBSD/doc/pf-faq.pdf should put
> up some argument here. One being performance.
> Kind regards Frederick