 From:  "Braden McGrath" <braden at mcmail dot homeip dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] OpenBSD Packet Filter in m0n0wall?
 Date:  Wed, 30 Mar 2005 08:41:03 -0500

Jim Thompson [jim at netgate dot com] wrote:
> Last I checked, OpenBSD suffered in terms of performance
> compared to FreeBSD and NetBSD.

How did you check?  Maybe for some CPU-intensive apps it might run
slower, but pf is actually quite quick, and OBSD in general runs very
well on older hardware with minimal requirements.

If there are any performance hits, they come as a tradeoff with
SECURITY.  For instance, OpenBSD's entropy pool is much more
sophisticated than any other *nix OS out there, with the exception of
Linux using various security patches (that have replicated the entropy
code from Open).  OpenBSD had randomly generated TCP sequence numbers
before anyone else really knew why they mattered.  There are a whole lot
of things that Open does "the right way" from a security point of
view...  the downside is that if you want to do any *close* work on the
project, you have to deal with Theo.  Mr. de Raadt is a subject of many
rants on many lists across the web; Google can tell you that, and I'm not
about to duplicate the work here.  ;)

--Braden