on Sat, Feb 23, 2002, Matt Garman (garman@raw-sewage.net) wrote:
> On Fri, Feb 22, 2002 at 10:18:03PM -0500, timothy bauscher wrote:
> > I am planning on building a firewall here. There is a lot of hype
> > about Freebsd being great for firewalls, and books regarding Linux
> > firewalls.
> > 
> > I love Linux, but I believe in finding the best solution for a
> > problem. My question is not which OS is better for a firewall, but
> > which one you would use (or do use).
> I previously used OpenBSD as my firewall, cablemodem gateway, NAT box,
> then later as a diald server, etc.  It worked pretty well, and was
> relatively easy to set up and configure.  OpenBSD has a good reputation
> for being secure and all that (perhaps it's just hype :), and I also
> wanted another free Unix to play with.

Similar experience, and I found the OpenBSD ipf system far more
intuitive than GNU/Linux's then ipfw/ipchains tools.  iptables is
getting there, but it's been a long, slow, twisted road.

> After a while, though, I got to thinking: security is only as good as
> its configuration.  So, even though OpenBSD might be more secure out
> of the box than Debian out of the box, my Debian firewall is probably
> more secure than my OpenBSD firewall simply because I know the Debian
> system better.

Also similar experience.  That and the fact that updating an OpenBSD
system is nowhere near as straightforward as Debian, though the former's
improving.  If you can afford to take the system down for an upgrade,
OpenBSD's OK.

> One thing I learned from playing with OpenBSD for a while is that
> familiarity with one Unix (e.g. Debian Linux) does not a general Unix
> admin make (due to subtle difference between Unices).

Multiple perspectives help much.  I've seen a good fistful of GNU/Linux
distros, Open and Free BSD, and about six proprietary Unices, along with
some other Real Server OSen® -- OpenVMS and MVS.

> So... hopefully this hobbyist's experience will help you make your
> decision.  In general, I would say the following: if you're a
> full-time Unix admin, and you both enjoy and have the time to learn
> and understand a new Unix, go with a BSD.  If you don't have the time,
> or don't want to fill your mind with the subtleties of two Unices,
> stick with Debian.  (I'm sure most would agree that a properly
> configured Linux firewall is as safe as any other free Unix's
> firewall.)

I hate to be the offending bringer of general consensus and agreement,
but again, well made points.

Note also that recent Debian updates include some interesting security
offerings, both packages and configurations, though I've not explored
all the latter in depth.


