Date:      Wed, 23 Oct 2002 21:39:11 -0400
From:      Dan Pelleg <daniel+fbsdq@pelleg.org>
To:        freebsd-questions@freebsd.org, ryallsd@datasphereweb.com
Subject:   RE: Linux vs. FreeBSD
Message-ID:  <15799.20287.620654.923723@gs166.sp.cs.cmu.edu>

As has been said, the clients don't care much what the router is
running as long as it handles the packets correctly.

I would strongly recommend FreeBSD for this and this is based on my
experience in a mixed FreeBSD/Linux shop.

FreeBSD has excellent support for intelligent and traditional
packet filtering. ipfw can do all of the following:
- header-based filtering
- stateful filtering
- bandwidth shaping (make sure some server doesn't use more
than N bits/second, or even make sure no one server hogs the
entire bandwidth) - via dummynet
- "limit" rules (cap the number of connections a particular
server can have open at any given time)

And all of these can be applied to either the internal, external,
or DMZ networks. NAT is also supported.

I'm sure Linux has similar capabilities. But with FreeBSD you get
them in the base system - no need to go hunt for tarballs or
kernel patches (see below for more on stability).

As far as security is concerned, FreeBSD's record is excellent. When
people say "Linux" they often mean "Red Hat", who seem to have
a major mis-configuration problem and virus/worm attacks with every
single version they put out. I am sure there are Linux distros that
fare better on security but they rarely have the advantages that Red
Hat is enjoying (these being support and large user base).

FreeBSD systems are easy to maintain. You can do a source upgrade,
or a binary upgrade, and the system will go through it and boot
to the new version without a hitch. On one system I have I've gone from
FreeBSD 4.1 to 4.7, including every release in between, without ever
touching the console. When a major version comes out, I typically
upgrade 10 systems in multiple locations, all within half a day
without leaving my office.

When security advisories come out, they are published quickly, and yet give
an accurate description of the problem and its impact, letting you make an
informed decision. They also provide tested workarounds and pointers to
source and binary patches, which make your life as administrator
easy. Again, being on both the FreeBSD and Red Hat security advisory
mailing-lists, I can tell you none of these points are to be taken for
granted for even the biggest and most trusted vendor.

Linux, with its various distros, has its merits and is certainly a system of
choice for certain uses. But if your time and sanity are worth anything to
you, you'd better put FreeBSD on this system.

--
 Dan Pelleg
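
The four ipfw capabilities listed in the message (header-based filtering, stateful filtering, dummynet shaping, "limit" rules) combined in one ruleset, as an added example that is not part of the original message. The interface name, addresses, rule numbers and limits are assumptions; the script only prints the commands unless FWCMD is set to /sbin/ipfw.

```shell
#!/bin/sh
# Added illustration; interface, addresses and limits below are assumed values.
# Dry run by default: prints each command. Set FWCMD=/sbin/ipfw to apply.
fwcmd="${FWCMD:-echo ipfw}"

ext_if="fxp0"            # assumed external interface
dmz_net="192.0.2.0/24"   # assumed DMZ network (documentation range)
dmz_srv="192.0.2.10"     # assumed DMZ web server

build_rules() {
    $fwcmd -q flush
    $fwcmd -q pipe flush

    # Header-based filtering: trust loopback, drop private source
    # addresses that show up on the external interface (spoofed).
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 deny log ip from 10.0.0.0/8 to any in via "$ext_if"
    $fwcmd add 210 deny log ip from 192.168.0.0/16 to any in via "$ext_if"

    # Bandwidth shaping (dummynet): the mask gives every DMZ source
    # address its own 512Kbit/s pipe, so no one server hogs the uplink.
    # The pipe rule sits before check-state and needs
    # net.inet.ip.fw.one_pass=0, otherwise shaped packets are accepted
    # straight out of the pipe and skip the filtering rules below.
    $fwcmd pipe 1 config bw 512Kbit/s mask src-ip 0xffffffff
    $fwcmd add 300 pipe 1 ip from "$dmz_net" to any out via "$ext_if"

    # Stateful filtering: packets of known flows match at check-state;
    # new outbound flows from the DMZ create dynamic rules.
    $fwcmd add 400 check-state
    $fwcmd add 410 allow tcp from "$dmz_net" to any setup keep-state
    $fwcmd add 420 allow udp from "$dmz_net" to any 53 keep-state

    # "limit" rule: at most 100 concurrent connections to the web
    # server; further SYNs fall through to the final deny.
    $fwcmd add 500 allow tcp from any to "$dmz_srv" 80 in via "$ext_if" \
        setup limit dst-addr 100

    # Default deny, logged.
    $fwcmd add 65000 deny log ip from any to any
}

build_rules
```
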
