Would you agree?

TechCodex@programming.dev to Programmer Humor@programming.dev – 505 points –
98

You are viewing a single comment

No, firewalls should use openBSD

Why?
I've tried to Google this, but it's such a general statement I can't find anything about it.
Is it more mature in that regard? Sane/sensible/safe defaults for networking? More tools as part of the distribution for networking?
Did FreeBSD (or it's predecessor/upstream/whatever) define the standards, so the implementation is more correct?

Or is it just that so many firewall applications run on top of FreeBSD (or a BSD flavour) eg opnSense, pfSense, openWRT (is openWRT actually BSD, idk)?
So, kinda a historical/momentum thing. With the benefits of wide spread specific use

OpenBSD is focused on being incredibly secure, and they generally succeed. Firewalls need good security.

Everything needs good security. Firewall devices only cover a specific, limited portion of the attack surface of machines behind them. One successful browser exploit or attack on an exposed port, and the firewall may as well be a paperweight.

True, but it's hard to get end users to use OpenBSD. It's really easy to make a firewall based on OpenBSD.

FreeBSD this focused on making a general use operating system

Open BSD is focusing on security the developer insists on regular audits.

Under most circumstances I wouldn't really care, we're getting a long well enough on Microsoft and Android with security updates all the time. That firewall man, it's sitting out there with its ass hanging in the wind, The only thing between you and a billion hastily written scripts.