So then Kenneth Scharf ([EMAIL PROTECTED]) said . . .
> If there are any debian-bsd people here maybe they can
> answer this. I have been doing some reading and have
> heard that some of the BSD variants are considered a
> better candidate os for a firewall system than linux
> (heretic!). OpenBSD in particular was highly
> regarded in this (though it was said to be a RPITA to
> install). Any thoughts on this out there?

OpenBSD is billed as "secure by default" and really isn't too bad to install. I installed it on some old Intel hardware easily. Configuring it may be a pain, however, since many tools are quite different from Linux's. Also, few services are turned on by default, which means you need to turn them on manually.

OpenBSD is rather different from FreeBSD in that it doesn't use /stand/sysinstall, but instead uses config scripts and lots of hand editing, which I don't mind, but some people do. Compiling custom kernels is quite different too. BSDs don't really use runlevels as Linux does. (FreeBSD was considering this possibility, though.) Licensing is less restrictive than GNU licensing (although beware flamewars on this topic).

The BSDs are extremely good, in my opinion. I agree that they have the most tried and tested TCP stack around, and they scale better under heavy loads than Linux, in my experience.

I have discovered a fair amount of BSD advocacy turned "anti-Linux". Like Linux zealots, BSDers are not above snobbery. Support for FreeBSD is rather abundant, while support for OpenBSD and NetBSD is a little less so.

OpenBSD has great support for strong encryption, since it's exported from Canada. This may be less of an advantage in the future since US crypto laws seem to be easing up, finally.

Finally, I would find someone in your locale whom you can ask BSD questions to. I found this valuable, since going from Linux to one of the BSDs can seem nearly as large a culture shock as moving from Windows to Linux. Not quite that bad, but be prepared for another learning curve. That said, I think the curve is worth the time and effort if you can manage it. :-)

--
David S. Jackson http://www.dsj.net
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"Out eth0, through the firewall, over the analog line, into usr1, past another firewall, through the gateway, out the T-3, off core2 in Atlanta . . . nothin' but Net."