[CentOS] Optimizing CentOS for gigabit firewall

Sun Dec 20 15:22:41 UTC 2009
Chan Chung Hang Christopher <christopher.chan at bradbury.edu.hk>

Les Mikesell wrote:
> Timo Schoeler wrote:
>>> What about NetBSD? I heard that NetBSD has the best network stack out
>>> there. Maybe NetBSD with pf is the best choice?
>> NetBSD is a very nice OS, I personally like it most (out of all BSDs out
>> there); however, as can be read on
>>
>> http://www.netbsd.org/docs/network/pf.html
>>
>> there's the 'usual lag': OpenBSD implements feature X in 4.6, wait some
>> time to see it implemented elsewhere.
>>
>> One of the biggest strengths of OpenBSD is that it's really a completely
>> rounded piece of work. Keep it that way. pf will perform best on
>> OpenBSD, with all the nice features it has.
> 
> Has anyone used Firewall Builder to create a complex set of iptables 
> rules?  Or compared performance where it built the same thing for 
> linux/iptables  and bsd/pf?
> 
Are you joking? That piece of crap just puts everything into one single 
chain. I never EVER use Firewall Builder after I saw the results the 
first time.

For a BRIDGING firewall, there is absolutely NO WAY that Linux/netfilter 
can keep up with OpenBSD/pf. I doubt that Linux/netfilter can even reach 
half the performance of OpenBSD/pf.
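As an added illustration of the single-chain complaint above (this is not from the thread, from Firewall Builder, or from any OpenBSD/pf configuration), the script below emits an iptables-restore ruleset in which the built-in FORWARD chain holds only a conntrack shortcut and one jump per ingress interface; the interface-specific rules live in user-defined chains, so a new packet is evaluated against the rules for the interface it arrived on rather than walking one flat list. Interface names (eth0, eth1) and the 192.0.2.0/24 address range are constructed placeholders, and the script only prints the ruleset; loading it is a separate, root-only step.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that keeps the built-in FORWARD chain short:
# connection-tracking rules first, then one jump per ingress interface into a
# user-defined chain that carries the rules specific to that interface.
# Interface names and the address range are constructed placeholders.
WAN_IF="eth0"
LAN_IF="eth1"
LAN_NET="192.0.2.0/24"   # RFC 5737 documentation range, constructed

gen_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FROM_WAN - [0:0]
:FROM_LAN - [0:0]
# Established flows are accepted here and never enter the per-interface chains.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# One dispatch rule per ingress interface; new flows traverse only the chain that applies.
-A FORWARD -i ${WAN_IF} -j FROM_WAN
-A FORWARD -i ${LAN_IF} -j FROM_LAN
# Inbound from the WAN: only the service deliberately exposed, everything else dropped.
-A FROM_WAN -p tcp --dport 443 -d ${LAN_NET} -m conntrack --ctstate NEW -j ACCEPT
-A FROM_WAN -j DROP
# Outbound from the LAN: log and drop packets whose source is not a LAN address.
-A FROM_LAN ! -s ${LAN_NET} -j LOG --log-prefix "LAN-SPOOF: "
-A FROM_LAN ! -s ${LAN_NET} -j DROP
-A FROM_LAN -j ACCEPT
COMMIT
EOF
}

# Number of rules in the built-in FORWARD chain. This stays constant no matter
# how many interface-specific rules are added to the user-defined chains.
forward_rule_count() {
  gen_ruleset | grep -c '^-A FORWARD '
}

# Number of user-defined chains declared in the ruleset (policy field is "-").
user_chain_count() {
  gen_ruleset | grep -c '^:[A-Z_]* - '
}

# Print the ruleset; as root it could be loaded with: gen_ruleset | iptables-restore
gen_ruleset
```

Adding another protected interface means one more `-A FORWARD -i … -j …` dispatch line and a new chain, so the per-packet cost for existing interfaces does not grow; in a flat single chain every new rule is a candidate match for every packet.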