If you are considering a BSD-based firewall, I'd recommend looking at
OPNsense. OPNsense is a community-managed fork.
There are some technical reasons for the preference, but even more
there's some major baggage associated with Netgate, the provider of pfSense.
https://www.xda-developers.com/why-use-opnsense-over-pfsense-dont-trust-netgate/
Maybe not an option if you've already purchased a pre-installed
appliance, but just want to throw this out there.
On 10/3/25 7:29 PM, Keith Lofstrom wrote:
pf (packet filter) resembles the firewall for OpenBSD.
pfSense is based on pf and a GUI and modified to use
FreeBSD and Netgate hardware as a bundled $1K appliance.
My "first" Unix was ATT, in Cory Hall at UC Berkeley,
across the hallway from the team that later produced
BSD Unix. My first Unix machine was a Tektronix
workstation running "UTek", then a PC running BSDI.
Then Linux. I never looked back. Or watched the forks
of OpenBSD and FreeBSD from bsd386. For many years,
I have run a "headless" Linux firewall, using a
pcEngines APU 3-port headless single-board-computer.
However, pfSense running on 686-class hardware and BSD
seems more secure as a firewall for a Linux cluster.
J. Random Cracker must conquer two operating systems
(both firewall and production machines) to pown me.
That said, SUPPORTING two different operating systems
increases the load average on my poor aging brain.
But hey, wise choices never were my forte.
So, I will attempt to configure and run pfSense
preinstalled on another pcEngines APU (with spares).
-----
Your snarky disparaging comments here.
I can always use more.
-----
Anyway ... if other PLUGers want to attempt the same
approach, misery loves company. I can imagine a whitehat
trial-by-combat at a Linux clinic. AFTER I make copies
of the APU mSATA drives. As my chimp experimenter
friends taught me, ALWAYS mount a scratch monkey.
Also, pcEngines is no longer in business. If anyone
else knows of a 3xGigabit 5 watt single board computer
currently in production, we can play with those, too.
Keith L.
P.S. Rule of thumb - 8766 watt-hours, plus aircon,
is about $1/year. 5 more watts for a decade is the
cost of a cheap date.
--
Courtney Rosenthal (she/her) / [email protected] / www.crosenthal.com