10. Parsing IPTABLES config files excellent preparation for subsequent learning of Asian pictograph-based languages.
9. Standard logging via syslogd helps eliminate clutter in /var/log.
We should probably log everything to one file, right? Many people need the files to be separated, it just meets their needs.
8. GPL prevents Steve Jobs from stealing your code.
Hmm, but does not prevent Steve Jobs from "buying" your code ?
but does not prevent Steve Jobs from "borrowing" your code ? :>
Anyway, how can you verify that GNU code is NOT "ported" for Windows?
You never know, tomorrow Microsoft may build windows 2008 X (like MAC OS X :> )
7. Simplistic man pages encourage development of social skills via mailing lists.
I thought this was programming oriented, not transferable skills :>
Security enemy Number 1: OBSCURITY. Do you think that this is safe ?
6. Multiple distributions, versions, kernels, modules, plugins, etc. keep hackers confused as to exactly what they're attacking.
Do you think that this is all about with Opensource ?
<evil_hacker> Hmm, let's see now...what kernel are they running?
<evil_hacker> And let me check the Kernel changelog to see what they changed... and let me check the vendor specific non-vanilla kernel to see if this new "feature" is supported in their kernel.....and what about the iptables version they are using ?
I hope you see where this is going... :> It is just silly to assume that obscurity will "keep hackers confused to exactly what they're attacking".
The bad thing with Linux is exactly what you described above: A MESS. Vendors providing "patches" "backports" "security-features" as they see fit.
In my opinion, this is what makes OpenBSD superior.
Yeah right, and Spiderman after those two last movies seems stronger than Superman.
5. "Mangle" just sounds so much more 133+ than "Scrub".
4. Complexity of structure leads to more opportunities for obfuscation and subsequent job security.
You have to decide what you think is right. Security or obscurity ? You said exactly the opposite of "reason 6".
And by the way, you think that pf is a paradigm for "complexity of structure" ?
Stability Vs experimentation ? What do you prefer for a production environment ?
3. New and experimental kernel modules make life exciting again.
2. GUI and Web based utilities mean that anyone can set one up without knowing what they're doing.
Many LINUX distributions do EXACTLY that. Even worse, they are providing "low" "medium" "hard" firewall settings in their DEFAULT distribution. As a result, the user is NOT EVEN interacting with a WEB frontend to set up his fw :>
When you want to open a discussion you must be open minded. I use both Linux and OpenBSD for different reasons. The ideas behind them are "somewhat" different.
And the number one reason IPTABLES is better than PF:
1. No distracting arguments about whether to port it to OpenBSD.
Yours, MzOzD