Mike made a valid point though: if you are building a firewall or other
such security system, use the OS and HW components you know best. Learn
on the side, but use what you know.
Thanks,
Ron DuFresne
On Tue, 23 Jan 2001, Neil Blakey-Milner wrote:
> On Tue 2001-01-23 (00:07), Michael H. Warfield wrote:
> > On Mon, Jan 22, 2001 at 11:46:59PM -0500, [EMAIL PROTECTED] wrote:
> > > Not to put down Linux, I used to be a huge fan, but for a Firewall I use
> > > OpenBSD or FreeBSD. They are both free as well, but ipf and ipfw are Much more
> > > powerful, and offer stateful inspection. Not to mention the kernel level
> > > security in *BSD adds quite a bit more protection to the firewall itself.
> > > Sorry if this does not answer the question at all.
> >
> > No...
> >
> > You make the common mistake that because OpenBSD is secure then
> > FreeBSD is secure and that because FreeBSD is high performance then
> > OpenBSD is high performance.
>
> [ Full disclosure: I am a FreeBSD developer, and an OpenBSD (and Linux,
> NetBSD, BSD/OS, Solaris, ...) user. ]
>
> I don't see that argument being used. Specifically, he mentions ipf and
> ipfw. ipf comes with both FreeBSD and OpenBSD (and NetBSD, and is
> available for Solaris/SunOS, BSD/OS, Irix, HP-UX, ...), and is a good
> way to maintain firewalls on multiple systems.
>
> The "kernel level security in *BSD" comment is probably due to similar
> heritage and similar coding styles (and the occasional bit of code
> sharing too) and a generally good reputation.
>
> > Some of those guys won't even SPEAK to each other.
> [ wonderfully technical argument removed ]
>
> > I have OpenBSD and FreeBSD systems running side by side with
> > my Linux systems at multiple sites. FreeBSD != OpenBSD. No way, no
> > how. *BSD is an oxymoron. The one thing that the *BSD systems do
> > have in common is that they are all more difficult (for me and everyone
> > I know, at least) to manage and maintain.
>
> That's because they're similar to manage and maintain. Sure, maybe you
> don't like the way it is done, but that doesn't make them particularly
> different from each other. (Similarly, NetBSD and BSD/OS, although
> admittedly some bits are more similar to other bits.)
>
> They are much more similar to each other than Slackware and Debian, or
> Debian and RedHat, or SuSE and Stormix, or Caldera and Corel, HP-UX and
> IRIX, Solaris and ...
>
> > Your mileage may differ.
> > If you are more comfortable with *BSD then go for it. If you are NOT
> > comfortable with *BSD, then putting in a firewall based on it may be
> > a serious mistake, given that human errors are the most common source
> > of failures.
>
> This is good advice for important live systems. But it is no reason not
> to attempt to learn new systems, for personal experience and comparison.
> Since there is no specific context (just a personal account of someone's
> preference), it really depends.
>
> A general rule is that knowledge of and experience with many products
> allows one to choose a good product for a specific taskset.
>
> > Given the personality conflicts that plague the BSD camps (plural
> > intentional and emphasized), I'll stick with my Linux based Netfilter
> > firewalls. :-)
>
> I doubt there is a good argument for a "plague" of personality conflicts
> in BSD-land.
>
> Specifically, they've tended to revolve around two (three or four
> depending on how further back you go) personalities. However, since
> these conflicts haven't flared at all in particularly recent time, and
> since others' personality conflicts aren't normally good reasons for
> choosing firewalls, they're as good as ignorable (as are the conflicts
> that exist in other systems).
>
> 'ipf' is operating system neutral and independent from the supposed
> "plague", and FreeBSD and OpenBSD (and NetBSD and BSD/OS) have their own
> reasons for existence and choice.
>
> That they are similar is a bonus not lost on their users.
>
> Neil
> --
> Neil Blakey-Milner
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.