Jonathan De Graeve wrote:
> The choice of BSD is obvious. More powerful than Linux (I know there
> are lots of funky iptables modules etc) but the fact is that BSD has a
> MUCH better IP stack and routing code and is faster in forwarding
> packets with less memory.
Have you seen benchmarks that show that Linux firewalling is slower than
FreeBSD in that it would be noticeably slower than FreeBSD? I would
definitely be interested in seeing them if so. The last benchmark I saw
was not with FreeBSD but with OpenBSD and Linux, and Linux won most of
those benchmarks with non-state tracking (TCP window tracking was not
available at the time so they didn't test that on Linux). That was with
a very old 2.2.x Linux kernel. Linux has had major VM speedup changes
since then. TCP window tracking has been available since 2002 for
iptables through the normal patch-o-matic, so it would be interesting to
see that benchmark done again comparing Linux TCP window stateful tracking.
Both OSs have been improving by quite a bit over the years. I certainly
have not had any speed or stability problems with Linux as a firewall on
486, P200 and recently P400MHz equivalent systems for the past 8 years
or with FreeBSD over the past year. I have a feeling that their
current performance levels and real world usage are much closer than what
your "fact"s are telling you.
Those "funky iptables modules" are extremely useful on Linux too, so don't
discount them too quickly.
Regardless of all of this, if I were developing it and had more
experience with OpenBSD, I would choose that over Linux because of its
failover of state-tracked connections for use in creating redundant
firewalls... not because one is slightly slower or faster than the
other. The stateful failover would be a huge deal to me. I doubt
Tommaso or any of the m0n0wall developers plan for that advanced of a
feature though. It would definitely be something none of the other open
and free embedded firewalls have though.