nate wrote: > I don't like/use OpenBSD for anything other than firewalls. But I > do think as a firewall, pf really can't be beat, the configuration > for typical rules just 'flows'. IPTables by comparison is so cryptic. > (speaking as a past user of ipfwadm, ipfw, ipchains, iptables, pf, > and Cisco PIX, which is probably the worst of the ones I've used). > while I haven't personally used this, I've heard enough good things about it from folks I know and trust that I'll stick in a mention of pfSense... pfSense is a turnkey BSD hybrid, which uses freeBSD's kernel with openBSD's pf, all wrapped up in a nice easy to use web interface (and you can still get into shell and manipulate the pf scripts directly). its optimized so it can run off as little as a 128MB flash card (CF).