Roy <[email protected]> writes:

> If anyone has experience with firewall/router setups, would you
> recommend using Debian for the firewall/router PC as well, or using
> OpenBSD for the firewall/router and Debian as a KVM host for services?
> Alternatively, should I just use Debian for the firewall/router with
> nftables?
I went with Debian in my router when I couldn't find a router I liked. A commercial router often means Linux with a smelly proprietary layer on top and no access to Linux itself. Or a supermarket router of the week where you can maybe replace the OS with OpenWRT or the like. I had some doubts about OpenWRT when they split into two some years ago, so I didn't want to go that way any more.

So then, I got a router-like PC to run Debian on, which has been great. And definitely I've done quite a lot of tinkering this winter especially, first adding VLANs and then tweaking IPv6 to work the way I want. Earlier stuff was setting up filtering in the DNS and using dnscrypt for external DNS access.

As for OpenBSD and pf, I didn't want to learn another OS with another firewall, and I was already more or less familiar with Debian and relevant bits like nftables as well as systemd-networkd and dnsmasq.

> I’m asking because I have the impression that Linux has accumulated a
> lot of overhead and is no longer as suitable for personal tinkering,
> but is more geared toward enterprise use.

Hm. Enterprise use is of course important for Linux, but there are also smaller applications like phones, network gear, workstations. To name a few.

Your impression reminds me... About 25 years ago when I tried FreeBSD, there was some eye rolling in their community at Linux having multiple different Unix-like file systems. And why? Because some SGI peeps wanted their XFS in Linux. IBM wanted their JFS in Linux. Someone else wanted their pet FS in Linux. Sun definitely didn't want their ZFS in Linux, but people made it happen anyway. Others wanted something to use on raw flash devices, so squashfs and JFFS happened. And so it goes: more use cases means more people means more devs, which means more software in Linux.

Now, did having multiple file systems in Linux make it unsuitable for personal tinkering? Create "overhead", whatever that means? I don't think so.
Having different ways to config a firewall doesn't either. There's the wizard level eBPF too but I think I'll steer well clear of it. Maybe if I ever have too much time on my hands.
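For a reader weighing Roy's third option (Debian as the router with nftables), the following is an added illustration of what a minimal default-deny router ruleset looks like in nftables syntax. It is not the poster's ruleset and not taken from the thread; the interface names (`wan0`, `lan0`), the VLAN sub-interfaces (`lan0.10`, `lan0.20`) and the router-side service ports (dnsmasq DNS/DHCP, SSH) are assumptions chosen for the example.

```nft
#!/usr/sbin/nft -f
# Added example: a small default-drop router ruleset for Debian + nftables.
# Assumed interfaces: wan0 = upstream, lan0 = untagged LAN, lan0.10 and
# lan0.20 = tagged VLANs (e.g. guest and IoT). Adjust to your netdevs.
flush ruleset

define WAN = "wan0"
define LAN = { "lan0", "lan0.10", "lan0.20" }

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;

        # Track connections first: drop invalid, accept replies to our own traffic.
        ct state vmap { invalid : drop, established : accept, related : accept }
        iif lo accept

        # IPv6 does not work without ICMPv6 (neighbour discovery, PMTUD, RAs).
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded,
                      parameter-problem, echo-request,
                      nd-router-solicit, nd-router-advert,
                      nd-neighbor-solicit, nd-neighbor-advert,
                      mld-listener-query, mld-listener-report, mld-listener-done } accept
        icmp type { destination-unreachable, time-exceeded, parameter-problem, echo-request } accept

        # Services the router itself offers to the LAN side only:
        # SSH and DNS (dnsmasq) over TCP, DNS/DHCPv4/DHCPv6 server over UDP.
        iifname $LAN tcp dport { 22, 53 } accept
        iifname $LAN udp dport { 53, 67, 547 } accept

        # DHCPv6 client replies from the ISP arrive on the WAN side.
        iifname $WAN udp dport 546 accept

        # Everything else hits the chain policy (drop); the counter makes
        # "why is this not working" visible in `nft list ruleset`.
        counter comment "input dropped by policy"
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state vmap { invalid : drop, established : accept, related : accept }

        # LAN and VLANs may initiate to the Internet. Nothing is allowed from
        # WAN inbound, and VLANs cannot talk to each other unless a rule is
        # added here explicitly (default isolation between segments).
        iifname $LAN oifname $WAN accept

        # Let essential ICMPv6 cross the router so PMTUD works for clients.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        counter comment "forward dropped by policy"
    }

    chain output {
        type filter hook output priority filter; policy accept;
    }
}

# NAT is only needed for IPv4; IPv6 is routed natively with the filter above.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Load it with `nft -f /etc/nftables.conf` (Debian's `nftables.service` reads that path) and check `nft list ruleset` plus the two `counter` rules while testing. The shape to keep is the default-drop policy on `input` and `forward` with connection tracking evaluated first; segment-to-segment access is then an explicit, auditable rule rather than something that works by accident.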

