From: Dan Pelleg
Date: Wed, 23 Oct 2002 21:39:11 -0400
To: freebsd-questions@freebsd.org, ryallsd@datasphereweb.com
Subject: RE: Linux vs. FreeBSD
Message-ID: <15799.20287.620654.923723@gs166.sp.cs.cmu.edu>

As has been said, the clients don't care much what the router is running as long as it handles the packets correctly. I would strongly recommend FreeBSD for this and this is based on my experience in a mixed FreeBSD/Linux shop.

FreeBSD has excellent support for intelligent and traditional packet filtering. ipfw can do all of the following:

- header-based filtering
- stateful filtering
- bandwidth shaping (make sure some server doesn't use more than N bits/second, or even make sure no one server hogs the entire bandwidth) - via dummynet
- "limit" rules (cap the number of connections a particular server can have open at any given time)

And all of these can be applied to either the internal, external, or DMZ networks. NAT is also supported.

I'm sure Linux has similar capabilities. But with FreeBSD you get them in the base system - no need to go hunt for tarballs or kernel patches (see below for more on stability).

As far as security is concerned, FreeBSD's record is excellent. When people say "Linux" they often mean "Red Hat", who seem to have a major mis-configuration problem and virus/worm attacks with every single version they put out. I am sure there are Linux distros that fare better on security but they rarely have the advantages that Red Hat is enjoying (these being support and large user base).

FreeBSD systems are easy to maintain. You can do a source upgrade, or a binary upgrade, and the system will go through it and boot to the new version without a hitch. On one system I have I've gone from FreeBSD 4.1 to 4.7, including every release in between, without ever touching the console. When a major version comes out, I typically upgrade 10 systems in multiple locations, all within half a day without leaving my office.

When security advisories come out, they are published quickly, and yet give an accurate description of the problem and its impact, letting you make an informed decision. They also provide tested workarounds and pointers to source and binary patches, which make your life as administrator easy. Again, being on both the FreeBSD and Red Hat security advisory mailing-lists, I can tell you none of these points are to be taken for granted for even the biggest and most trusted vendor.

Linux and its various distros has its merits and is certainly a system of choice for certain uses. But if your time and sanity are worth anything to you, you'd better put FreeBSD on this system.

-- 
Dan Pelleg