Re: Firewall OS choice

["David Lord" <netbsd%lordynet.org@localhost>]

On 17 Jul 2010 at 19:19, Michael T. Davis wrote:

>       We have an ancient firewall installed in one area running OpenBSD 2.8
> and IPFilter v3.3.18.  It's hardware is configured as an "appliance," so
> updating the software isn't all that straightforward (to put it nicely).  I am
> contemplating upgrading the hardware, and switching to a BSD flavor that
> continues to provide built-in support for IPFilter.  Besides NetBSD, I'm also
> considering FreeBSD.  I realize the responses here will be somewhat biased
> (;-), but is NetBSD a good choice for this application, esp. compared to
> FreeBSD (or vice versa)?

I moved from NetBSD to FreeBSD due to NetBSD-2 not
running on my hardware and then FreeBSD brought in
some changes relating to hardware and I moved back
to NetBSD-3 and up (my current firewall pc would
not run FreeBSD). I had my file/fax/printserver
on SuSE then FreeBSD but that has been moved to
NetBSD just to ease maintainance. FreeBSD seems
to be more up-to-date in some areas (eg ntpd).


David

> 
>       On a related note, the support for IPFilter in NetBSD 5.0.2 doesn't
> seem to provide a mechanism for specifying an alternate configuration file;
> it's hardcoded to use /etc/ipf.conf and/or /etc/ipf6.conf.  With the ancient
> IPFilter build in the aforementioned environment, there was native support
> for specifying a different file.  I have modified /etc/rc.d/ipfilter and
> /etc/rc.d/ipnat in NetBSD 5.0.2 to provide for specifying different
> configuration files.  Where is the best place to post my diffs and allow
> others to evaluate them?
> 
> Thanks,
> Mike