Conversation at work

Boss: We need a firewall for our new office in another city, we need a VPN setup to join the two together, and it needs to be secure.

Me: OK, why don't I find an old machine and load up FreeBSD with PF and OpenVPN.

Boss: What is "Free Bee Ess Dee"?

Me: It's just like Linux, but easier to use and more appropriate for the job. PF is one of the firewalls, I'd say the best one.

Boss: OK, sounds good.

Another victory for FreeBSD.
 
Carpetsmoker said:
Isn't the pf version in FreeBSD horribly out of date?

For this particular job, I would say OpenBSD...

Isn't it just slower than the current native OpenBSD version and missing a few features? IMHO, as long as it doesn't have security vulnerabilities, it can do its job fine, especially if Pushrod is more familiar with FreeBSD than OpenBSD.
 
I likely wouldn't use OpenBSD for anything. The office is decently sized and the only computer I could use has dual processors, which basically mandates FreeBSD.

I don't take OpenBSD's "security" very seriously because it is partially achieved through having a limited feature set. I used OpenBSD on a computer for about 6 months before putting FreeBSD back on it because I couldn't tolerate not having filesystem ACLs (a security feature) and other essentials. OpenBSD certainly does a few things right, but if those things were simply incorporated into FreeBSD (which they often are after a delay), OpenBSD would not need to exist.

IMHO, FreeBSD was the right tool for this job. I don't do the whole fanboy thing, whatever I think works best is what goes.
 
Carpetsmoker said:
Isn't the pf version in FreeBSD horribly out of date?

For this particular job, I would say OpenBSD...

PF is a bit outdated at the moment. I'm looking forward to a newer version (it still works like a charm though).
 
pf hasn't been updated for some time now, which means that HEAD has the same version as 7.2 (i.e. OpenBSD 4.1). As far as I know, the original porter and maintainer (Max Laier) is too busy to update it to the current version :-(
 
@Pushrod: Be sure to check out pfsense for handling this job.

I notice on their site that commercial support is now available, which should give the boss man warm fuzzies.
 