Re: UVM, UBC, and PF criticisms in comp.unix.solaris



Hi Adam,

On Mon, Dec 31, 2001 at 11:14:15AM -0500, Generic Player wrote:
> share.  What exactly did you mean about iptables anyways?  I don't see
> anything new and wonderful there, it's just an extension of ipchains in
> concept.  It's certainly the best free firewall out there, I'm stuck with
> 300 Linux boxes because ipf sucked so bad we couldn't use OpenBSD, so we
> had to use iptables, but it's nothing new.

Well, I'm a bit confused. _If_ iptables is "the best free firewall out
there", why didn't the OpenBSD project just clip and incorporate that
instead of taking the trouble of rewriting one from scratch?

Also, why when you have pf does ipf not working prevent you from
running OpenBSD? Is that because you (probably) needed to deploy
before 3.0? What exactly was the problem with ipf? Why was the
problem with ipf worse than the notorious constant instability/security
hassle Linux has to offer?

Don't get me wrong, I'm _curious_ and would be glad to get some insights.

I use both OpenBSD and Linux together, and, at least currently, have no
problems choosing OpenBSD over Linux most any day for security-related
and possibly other jobs as well. I do have a hard time believing in
Linux security, though, and dislike the prospect of investigating IPSEC
on Linux in the very near future, when OpenBSD has it out of the box.


Best,
--Toni++