Or, just turn on routing/nat/packet filtering on a regular old FreeBSD box with 2 nics in it.
Ted

-----Original Message-----
From: PLUG <[email protected]> On Behalf Of Courtney Rosenthal
Sent: Saturday, October 4, 2025 11:02 AM
To: [email protected]
Subject: Re: [PLUG] pf, OpenBSD, pfSense, FreeBSD

If you are considering a BSD-based firewall, I'd recommend looking at OpnSense.

OpnSense is a community managed fork. There are some technical reasons for the preference, but even more there's some major baggage associated with Netgate, the provider of pfSense.

https://www.xda-developers.com/why-use-opnsense-over-pfsense-dont-trust-netgate/

Maybe not an option if you've already purchased a pre-installed appliance, but just want to throw this out there.

On 10/3/25 7:29 PM, Keith Lofstrom wrote:
> pf (packet filter) resembles the firewall for OpenBSD.
> pfSense is based on pf and a gui and modified to use FreeBSD and
> Netgate hardware as a bundled $1K appliance.
>
> My "first" Unix was ATT, in Cory Hall at UC Berkeley, across the
> hallway from the team that later produced BSD Unix. My first Unix
> machine was a Tektronix workstation running "UTek", then a PC running
> BSDI.
>
> Then Linux. I never looked back. Or watched the forks of openbsd and
> freebsd from bsd386. For many years, I have run a "headless" Linux
> firewall, using a pcEngines APU 3-port headless single-board-computer.
>
> However, pfSense running on 686-class hardware and BSD seems more
> secure as a firewall for a Linux cluster.
> J. Random Cracker must conquer two operating systems (both firewall
> and production machines) to pown me.
>
> That said, SUPPORTING two different operating systems increases the
> load average on my poor aging brain.
> But hey, wise choices never were my forte.
>
> So, I will attempt to configure and run pfSense preinstalled on
> another pcEngines APU (with spares).
>
> -----
> Your snarky disparaging comments here.
> I can always use more.
> -----
>
> Anyway ... if other PLUGers want to attempt the same approach, misery
> loves company. I can imagine a whitehat trial-by-combat at a Linux
> clinic. AFTER I make copies of the APU mSATA drives. As my chimp
> experimenter friends taught me, ALWAYS mount a scratch monkey.
>
> Also, pcEngines is no longer in business. If anyone else knows of a
> 3xGigabit 5 watt single board computer currently in production, we can
> play with those, too.
>
> Keith L.
>
> P.S. Rule of thumb - 8766 watt-hours, plus aircon, is about $1/year.
> 5 more watts for a decade is the cost of a cheap date.
>

--
Courtney Rosenthal (she/her) / [email protected] / www.crosenthal.com
