Comment pf please (Score 2, Informative) 114
IMO the IPCOP style firewall systems are only good for quite basic setups, mostly in the 'two NICs, one external one internal' realm.
But if your firewalls need to have multiple NICs and such, running carp and pfsync, doing all sorts of funky stuff on each, then the web based things suck. The best I've seen is pfSense, but it still suffers from the whole concept of internal/external NICs instead of just letting me sort that shit out.
I use FreeBSD for all my firewalls now, with the exception of one pair of firewalls which I use OpenBSD with, only because obsd has the 'carpdev' option and FreeBSD does not, meaning I can't carp external IP addresses properly (FreeBSD looks for the NIC with an IP on the same subnet as the desired carp IP).
If you are looking after a semi-complex network then IMO don't use IPCOP/pfSense style setups, as nice as they may be for some things.