this post was submitted on 18 Aug 2023
418 points (100.0% liked)
Programmer Humor
418 readers
3 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
No, firewalls should use openBSD
Why?
I've tried to Google this, but it's such a general statement I can't find anything about it.
Is it more mature in that regard? Sane/sensible/safe defaults for networking? More tools as part of the distribution for networking?
Did FreeBSD (or it's predecessor/upstream/whatever) define the standards, so the implementation is more correct?
Or is it just that so many firewall applications run on top of FreeBSD (or a BSD flavour) eg opnSense, pfSense, openWRT (is openWRT actually BSD, idk)?
So, kinda a historical/momentum thing. With the benefits of wide spread specific use
OpenBSD is focused on being incredibly secure, and they generally succeed. Firewalls need good security.
Everything needs good security. Firewall devices only cover a specific, limited portion of the attack surface of machines behind them. One successful browser exploit or attack on an exposed port, and the firewall may as well be a paperweight.
True, but it's hard to get end users to use OpenBSD. It's really easy to make a firewall based on OpenBSD.