I became very curious after I read a couple of posts assuming
OpenBSD as the best OS for a firewall box. Could anyone explain (or at
least point out links) why OpenBSD would be more appropriate for a
firewall?
I am planning the installation of a firewall, and I was
thinking about a Linux box, possibly running the LRP package.
I do not intend to raise any OS-war, but rather to understand
the arguments for each side.

Let me address the last paragraph first by stating I've been running Linux
for 9 years now. I prefer Linux over the BSD variants hands down.
HOWEVER, there is no way I'm going to use Linux for a Firewall, and I'd even
think twice before using it as a server. OpenBSD has now gone over three
years without a remotely exploitable hole, when using the default install.
The entire reason for OpenBSD's existence is security. My OS of choice for
running a firewall would be OpenVMS; however, since the software to do
firewall and NAT doesn't really exist for OpenVMS, I run OpenBSD.
For info on OpenBSD try the following:
http://www.openbsd.org
http://www.deadly.org/
If you have enough machines around, do a default install of whatever Linux
distro you were thinking of on one, and OpenBSD on another. Then run some
tools for checking for vulnerabilities against the two. You just might find
the results disturbing.
Zane