 From:  Frederick Page <fpage at thebetteros dot oche dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenBSD for m0n0wall?
 Date:  Thu, 31 Mar 2005 03:33:01 +0200
Hello Sancho2k.net,

Sancho2k.net Lists wrote on 29 March 2005:

>I'd like to see a project of the same kind as m0n0wall spring up on
>OpenBSD.

There might be a reason why all those pf guys have OBSD and why
features like CARP, pfsync and other pf related stuff all come from
OBSD. For a secure platform the flavour of BSD should really be a
no-brainer.

>pf is featureful, secure, slim, and unencumbered.

I hear you. Nice choice of words ;)

We are currently in a difficult position: m0n0wall is primarily
designed for embedded PCs like the WRAP and Soekris. The current
software brings that hardware to its limits on nowadays usual
bandwidths. Chris Buechler told us that his Soekris net4501 is maxed
out at about 3 mBit. He can forget about OpenVPN, IPSec and the other
features ...

It's not hard to see that we are walking towards a problem, bandwidths
tend to increase more and more. E.g. Swedish users have 10 mBit SDSL
(20 mBit total bandwidth) for 39 Euro/month.

>pfsync and CARP are no-brainers for a high-availability firewall
>cluster.

Let alone the ability to distribute the load amongst those cheap
machines. So you'd even be set for future bandwidth increases.

>It seems to me that OpenBSD is just screaming for someone to pick up the
>initiative and produce a nice embedded systems project a la m0n0wall.

To me too. Those OS issues should be minor, there is the leap from
ipfw/ipfilter to pf, but that one will have to be made anyway. The
FBSD guys have now implemented pf, they will (as OBSD did already)
deprecate the other tools.

The developers had already seen that FBSD 4.10 was dead. Now 5.3
maxes out the embedded PCs (m0n0wall's primary platform).
ipfw/ipfilter will also have to be replaced in the foreseeable future.

>It's small, secure, and no-nonsense.

That's the IMHO most important thing: no-nonsense.

>Granted, these applications have been designed to be portable and will
>all be available in FreeBSD, but there is something to be said for
>running on the native platform at times.

They simply work and with no fuss.

Kind regards   Frederick