Why?
I’ve tried to Google this, but it’s such a general statement I can’t find anything about it.
Is it more mature in that regard? Sane/sensible/safe defaults for networking? More tools as part of the distribution for networking?
Did FreeBSD (or it’s predecessor/upstream/whatever) define the standards, so the implementation is more correct?
Or is it just that so many firewall applications run on top of FreeBSD (or a BSD flavour) eg opnSense, pfSense, openWRT (is openWRT actually BSD, idk)?
So, kinda a historical/momentum thing. With the benefits of wide spread specific use
Everything needs good security. Firewall devices only cover a specific, limited portion of the attack surface of machines behind them. One successful browser exploit or attack on an exposed port, and the firewall may as well be a paperweight.
FreeBSD this focused on making a general use operating system
Open BSD is focusing on security the developer insists on regular audits.
Under most circumstances I wouldn’t really care, we’re getting a long well enough on Microsoft and Android with security updates all the time. That firewall man, it’s sitting out there with its ass hanging in the wind, The only thing between you and a billion hastily written scripts.
No, firewalls should use openBSD
Why?
I’ve tried to Google this, but it’s such a general statement I can’t find anything about it.
Is it more mature in that regard? Sane/sensible/safe defaults for networking? More tools as part of the distribution for networking?
Did FreeBSD (or it’s predecessor/upstream/whatever) define the standards, so the implementation is more correct?
Or is it just that so many firewall applications run on top of FreeBSD (or a BSD flavour) eg opnSense, pfSense, openWRT (is openWRT actually BSD, idk)?
So, kinda a historical/momentum thing. With the benefits of wide spread specific use
I personally don’t have a lot of experience with this, but here’s a writeup about OpenBSD: https://nxdomain.no/~peter/what_every_it_person_needs_to_know_about_openbsd.html
OpenBSD is focused on being incredibly secure, and they generally succeed. Firewalls need good security.
Everything needs good security. Firewall devices only cover a specific, limited portion of the attack surface of machines behind them. One successful browser exploit or attack on an exposed port, and the firewall may as well be a paperweight.
True, but it’s hard to get end users to use OpenBSD. It’s really easy to make a firewall based on OpenBSD.
FreeBSD this focused on making a general use operating system
Open BSD is focusing on security the developer insists on regular audits.
Under most circumstances I wouldn’t really care, we’re getting a long well enough on Microsoft and Android with security updates all the time. That firewall man, it’s sitting out there with its ass hanging in the wind, The only thing between you and a billion hastily written scripts.