# Conversation at work



## Pushrod (Oct 18, 2009)

Boss: We need a firewall for our new office in another city, we need a VPN setup to join the two together, and it needs to be secure.

Me: OK, why don't I find an old machine and load up FreeBSD with PF and OpenVPN.

Boss: What is "Free Bee Ess Dee"?

Me: It's just like Linux, but easier to use and more appropriate for the job. PF is one of the firewalls, I'd say the best one.

Boss: OK, sounds good.

Another victory for FreeBSD.


----------



## Carpetsmoker (Oct 18, 2009)

Isn't the pf version in FreeBSD horribly out of date?

For this particular job, I would say OpenBSD...


----------



## Beastie (Oct 18, 2009)

Carpetsmoker said:

> Isn't the pf version in FreeBSD horribly out of date?
> 
> For this particular job, I would say OpenBSD...


Isn't it just slower than the current native OpenBSD version and missing a few features? IMHO, as long as it doesn't have security vulnerabilities, it can do its job fine, especially if Pushrod is more familiar with FreeBSD than OpenBSD.


----------



## Pushrod (Oct 18, 2009)

I likely wouldn't use OpenBSD for anything. The office is decently sized and the only computer I could use has dual processors, which basically mandates FreeBSD.

I don't take OpenBSD's "security" very seriously because it is partially achieved through having a limited feature set. I used OpenBSD on a computer for about 6 months before putting FreeBSD back on it because I couldn't tolerate not having filesystem ACLs (a security feature) and other essentials. OpenBSD certainly does a few things right, but if those things were simply incorporated into FreeBSD (which they often are after a delay), OpenBSD would not need to exist.

IMHO, FreeBSD was the right tool for this job. I don't do the whole fanboy thing, whatever I think works best is what goes.


----------



## dennylin93 (Oct 18, 2009)

Carpetsmoker said:

> Isn't the pf version in FreeBSD horribly out of date?
> 
> For this particular job, I would say OpenBSD...



PF is a bit outdated at the moment. I'm looking forward to a newer version (it still works like a charm though).


----------



## vermaden (Oct 18, 2009)

Carpetsmoker said:

> Isn't the pf version in FreeBSD horribly out of date?



From http://freebsd.org/handbook

```
FreeBSD 5.X -- PF is at OpenBSD 3.5
FreeBSD 6.X -- PF is at OpenBSD 3.7
FreeBSD 7.X -- PF is at OpenBSD 4.1
```

Dunno for 8.0/9-CURRENT.


----------



## danger@ (Oct 18, 2009)

pf hasn't been updated for some time now, which means that HEAD has the same version as 7.2 (i.e. OpenBSD 4.1). As far as I know, the original porter and maintainer (Max Laier) is too busy to update it to the current version :-(


----------



## aragon (Oct 18, 2009)

Anyone know what's new in PF since OpenBSD 4.1?


----------



## anomie (Oct 18, 2009)

@Pushrod: Be sure to check out pfsense for handling this job. 

I notice on their site that commercial support is now available, which should give the boss man warm fuzzies.


----------



## ale (Oct 18, 2009)

aragon said:

> Anyone know what's new in PF since OpenBSD 4.1?


I think that you can get this information by searching for pf in the OpenBSD release notes from http://www.openbsd.org/42.html to http://www.openbsd.org/46.html (note the version number in the URL).


----------

