On Tue 2001-01-23 (00:07), Michael H. Warfield wrote:
> On Mon, Jan 22, 2001 at 11:46:59PM -0500, [EMAIL PROTECTED] wrote:
> > Not to put down Linux, I used to be a huge fan, but for a Firewall I use 
> > OpenBSD or FreeBSD.  They are both free as well, but ipf and ipfw are Much more 
> > powerful, and offer stateful inspection.  Not to mention the kernel level 
> > security in *BSD adds quite a bit more protection to the firewall itself.  
> > Sorry if this does not answer the question at all.
> 
>       No...
> 
>       You make the common mistake that because OpenBSD is secure then
> FreeBSD is secure and that because FreeBSD is high performance then
> OpenBSD is high performance.

[ Full disclosure: I am a FreeBSD developer, and an OpenBSD (and Linux,
NetBSD, BSD/OS, Solaris, ...) user. ]

I don't see that argument being used.  Specifically, he mentions ipf and
ipfw.  ipf comes with both FreeBSD and OpenBSD (and NetBSD, and is
available for Solaris/SunOS, BSD/OS, Irix, HP-UX, ...), and is a good
way to maintain firewalls on multiple systems.

The "kernel level security in *BSD" comment is probably due to similar
heritage and similar coding styles (and the occasional bit of code
sharing too) and a generally good reputation.

> Some of those guys won't even SPEAK to each other.
[ wonderfully technical argument removed ]

>       I have OpenBSD and FreeBSD systems running side by side with
> my Linux systems at multiple sites.  FreeBSD != OpenBSD.  No way, no
> how.  *BSD is an oxymoron.  The one thing that the *BSD systems do
> have in common is that they are all more difficult (for me and everyone
> I know, at least) to manage and maintain.

That's because they're similar to manage and maintain.  Sure, maybe you
don't like the way it is done, but that doesn't make them particularly
different from each other.  (Similarly, NetBSD and BSD/OS, although
admittedly some bits are more similar to other bits.)

They are much more similar to each other than Slackware and Debian, or
Debian and RedHat, or SuSE and Stormix, or Caldera and Corel, HP-UX and
IRIX, Solaris and ...

> Your mileage may differ.
> If you are more comfortable with *BSD then go for it.  If you are NOT
> comfortable with *BSD, then putting in a firewall based on it may be
> a serious mistake, given that human errors are the most common source
> of failures.

This is good advice for important live systems.  But it is no reason not
to attempt to learn new systems, for personal experience and comparison.
Since there is no specific context (just a personal account of someone's
preference), it really depends.

A general rule is that knowledge of and experience with many products
allows one to choose a good product for a specific taskset.

>       Given the personality conflicts that plague the BSD camps (plural
> intentional and emphasized), I'll stick with my Linux based Netfilter
> firewalls.  :-)

I doubt there is a good argument for a "plague" of personality conflicts
in BSD-land.

Specifically, they've tended to revolve around two (three or four
depending on how far back you go) personalities.  However, since
these conflicts haven't flared at all in particularly recent time, and
since others' personality conflicts aren't normally good reasons for
choosing firewalls, they're as good as ignorable (as are the conflicts
that exist in other systems).

'ipf' is operating system neutral and independent from the supposed
"plague", and FreeBSD and OpenBSD (and NetBSD and BSD/OS) have their own
reasons for existence and choice.

That they are similar is a bonus not lost on their users.

Neil
-- 
Neil Blakey-Milner
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
