On 09/03/18 16:17, Bogdan Kulbida wrote:
Ladies and gentlemen,

I need to build a pf OBSD firewall for a small office. What minimally
feasible equipment would you recommend in order to achieve this goal?

Thank you!

I've run multiple office networks on octeon devices. I've found the Edgerouter and Edgerouter Pro to be quite performant. The Edgerouter Pro can easily handle a 100/100 connection or even a 250/250 connection. I like them because they're free of any Spectre / FPU bugs as they use an in-order CPU. OpenBSD also supports hw accelerated IPsec on them. I've used them to run DHCP and DNS servers, used them heavily as jump hosts/proxies and also ran my unbound-adblock and pf-badhost scripts; with over 100,000 domains and IP/CIDR blocks being filtered while pushing dozens of terabytes in network traffic through them each month, they've proven to be rock solid. If you have modest needs, then an Edgerouter Lite should suffice.

Keep in mind, these are just my personal opinions, and I am biased. I can't stand the thought of having an x86 machine exposed on the open internet, much less trusting it to secure and segment my network. With spooky management engine shenanigans and hardware bugs abound, I'm just not interested in putting my faith in x86 again. Too much emotion, too much garbage.

