Chan Chung Hang Christopher wrote:
Les Mikesell wrote:
Timo Schoeler wrote:
What about NetBSD? I heard that NetBSD has the best network stack out there. Maybe NetBSD with pf is the best choice?
NetBSD is a very nice OS, I personally like it most (out of all BSDs out there); however, as can be read on
http://www.netbsd.org/docs/network/pf.html
there's the 'usual lag': OpenBSD implements feature X in 4.6, wait some time to see it implemented elsewhere.
One of the biggest strengths of OpenBSD is that it's really a completely rounded piece of work. Keep it that way. pf will perform best on OpenBSD, with all the nice features it has.
Has anyone used Firewall Builder to create a complex set of iptables rules? Or compared performance where it built the same thing for Linux/iptables and BSD/pf?
Are you joking? That piece of crap just puts everything into one single chain. I never EVER use Firewall Builder after I saw the results the first time.
I haven't used it, but that doesn't seem to match the documentation under "Multiple Rule Sets" here: http://www.fwbuilder.org/docs/firewall_builder_3_features.html