On Wed, 2026-04-08 at 11:36 +0200, john doe wrote: > On 4/8/26 9:20 AM, Roy wrote: > > I’d like to set up a homelab with a LAN and a DMZ > > ... > > Do you mean that you are planning to have a "host" in your DMZ, that > will act among other things as web server? > > In other words, a dedicated server in your DMZ.
Yes, one or more dedicated VM(s) as hosts of a service > > If anyone has experience with firewall/router setups, would you > > recommend using Debian for the firewall/router PC as well, or using > > OpenBSD for the firewall/router and Debian as a KVM host for > > services? > > Because you are on a Debian mailing list, I'd say Debian all the way! Debian will of course be the main component of "the system", used as aKVM host, my personal workstation, and for most other tasks. However, I’d like an unbiased opinion on whether OpenBSD should be considered a better choice as a firewall/router.> > > Alternatively, should I just use Debian for the firewall/router > > with > > nftables? > > > > I cant' say that I understand what you are asking. I’m wondering whether OpenBSD would be easier to manageas a firewall/router than Debian. > > I’m asking because I have the impression that Linux has accumulated > > a > > lot of overhead and is no longer as suitable for personal > > tinkering, > > but is more geared toward enterprise use. > > > > Are you referring to DE? Absolutely not. I’m referring to the fact that, as soon as I started looking into firewall options on Debian, I found at least three different systems: iptables, nftables, and ufw. It was quite confusing to understand how they relate to each other. I now think I understand that nftables is the newer approach, and it’s a very sophisticated and feature-rich system, probably ideal for a team of engineers, but maybe overkill for a side project like mine. When I searched for firewall solutions on OpenBSD, the answer was much simpler: just pf.
