From owner-freebsd-questions Wed Oct 23 19:44:16 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B073937B401 for ; Wed, 23 Oct 2002 19:44:13 -0700 (PDT) Received: from mail.gbronline.com (mail.gbronline.com [12.145.226.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 35CE643E42 for ; Wed, 23 Oct 2002 19:44:09 -0700 (PDT) (envelope-from daleco@daleco.biz) Received: from DaleCoportable [12.145.236.211] by mail.gbronline.com (SMTPD32-7.13) id ADE6218A0210; Wed, 23 Oct 2002 21:41:42 -0500 Message-ID: <002901c27b07$17d70430$fa00a8c0@DaleCoportable> From: "DaleCo Help Desk" To: "Dan Pelleg" , , References: <15799.20287.620654.923723@gs166.sp.cs.cmu.edu> Subject: Re: Linux vs. FreeBSD Date: Wed, 23 Oct 2002 21:43:02 -0500 Organization: DaleCo, S.P.---"the solutions people" MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG From: "Dan Pelleg" To: ; Sent: Wednesday, October 23, 2002 8:39 PM Subject: RE: Linux vs. FreeBSD > > As has been said, the clients don't care much what the router is > running as long as it handles the packets correctly. > > I would strongly recommend FreeBSD for this and this is based on my > experience in a mixed FreeBSD/Linux shop. > > FreeBSD has excellent support for intelligent and traditional > packet filtering. ipfw can do all of the following: > - header-based filtering > - stateful filtering > - bandwidth shaping (make sure some server doesn't use more > than N bits/second, or even make sure no one server hogs the > entire bandwidth) - via dummynet > - "limit" rules (cap the number of connections a particular > server can have open at any given time) > > And all of these can be applied to either the internal, external, > or DMZ networks. NAT is also supported. > > I'm sure Linux has similar capabilities. But with FreeBSD you get > them in the base system - no need to go hunt for tarballs or > kernel patches (see below more on stability). > > As far as security is concerned, FreeBSD's record is excellent. When > people say "Linux" they often mean "Red Hat", who seem to have > a major mis-configuration problem and virus/worm attacks with every > single version they put out. I am sure there are Linux distros that > fare better on security but they rarely the advantages that Red > Hat is enjoying (these being support and large user base). > > FreeBSD systems are easy to maintain. You can do a source upgrade, > or a binary upgrade, and the system will go through it and boot > to the new version without a hitch. On one system I have I've gone from > FreeBSD 4.1 to 4.7, including every release in between, without ever > touching the console. When a major version comes out, I typically > upgrade 10 systems in multiple locations, all within half a day > without leaving my office. > > When security advisories come out, they are published quickly, and yet give > accurate description of the problem and its impact, letting you make an > informed decision. They also provide tested workarounds and pointers to > source and binary patches, which make your life as administrator > easy. Again, being on both the FreeBSD and Red Hat security advisory > mailing-lists, I can tell you none of these points are to be taken for > granted for even the biggest and most trusted vendor. > > Linux and its various distros has its merits and is certainly a system of > choice for certain uses. But if your time and sanity are worth anything to > you, you'd better put FreeBSD on this system. > > -- > Dan Pelleg I'd second a great deal of this. When I was first introduced to what lay behind the Internet, everyone was talking about the Penguin, but I've discovered that FreeBSD has a richer background, classic roots, and extremely confident and competent individual users and maintainers who go an extra mile to make it a top-notch server OS. Kudos to all! Kevin Kinsey To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message