Today, I decided to compare FreeBSD and OpenBSD. Why not use Linux, you ask? I used FreeBSD and OpenBSD as firewalls under heavy load and they just handled it very well. I used both of them for many years, and Linux iptables at that time just wouldn't cut it.
The reason I compared them is to use one as the platform for a network security appliance, much like pfSense and OPNsense. You might ask, why reinvent the wheel? The short answer is that I want it fully open source forever. The long answer is that pfSense got so commercialized that they even stopped releasing community versions openly. OPNsense, on the other hand, is fully open, but there is still a commercial backing which I think will become like pfSense in the future. Linux solutions also exist, but I am more comfortable with OpenBSD.
Table of features I require to support my ISP business:

| Feature | FreeBSD | OpenBSD | Reason |
|---|---|---|---|
| Firewall | No | Yes | pf is much more up to date in OpenBSD |
| Traffic Shaper | No | Yes | Both are blazingly fast and easy to configure, but OpenBSD's queueing subsystem is integrated into pf. |
| Traffic Shaper Rules | Yes | No | In an ISP environment (my current business) where you need to allocate download and upload speeds for each subscriber, FreeBSD pf+dummynet is the way to go. The problem with OpenBSD pf here is that you have to assign a rule+queue for each subscriber IP. This clutters up your ruleset if you have a lot of subscribers, as I have experienced. This is due to the nature of how queues are configured in OpenBSD pf. |
| QoS | No | Yes | This is really easy to set up in OpenBSD pf |
| Hardware Support | Yes | Yes | Both of them are equally up to date |
| Ports | Yes | No | FreeBSD has more ports than OpenBSD |
| Others | Yes | Yes | All other aspects are usually the same for both |

As you can see in the table, both BSDs are equally capable. As Michael W Lucas said, "Pick what you want and roll with it."
I chose OpenBSD as the platform for my network security appliance project based on the table above.
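
To make the "Traffic Shaper Rules" row concrete, here is an added example (not code from the original post) that generates the per-subscriber queue and rule lines OpenBSD pf needs, validating each field before it is written into firewall configuration. The interface names `em0`/`em1`, the subscriber data, the `1G` link size and a routed (non-NAT) layout are all assumptions.

```python
import ipaddress
import re

# Constructed sample data: (queue id, subscriber IP, download, upload).
SUBSCRIBERS = [
    ("sub001", "10.10.0.11", "10M", "2M"),
    ("sub002", "10.10.0.12", "20M", "5M"),
    ("sub003", "10.10.0.13", "5M", "1M"),
]

NAME_RE = re.compile(r"[a-z0-9_]{1,32}")   # keep queue names short and inert
RATE_RE = re.compile(r"[1-9][0-9]*[KMG]")  # pf bandwidth value, e.g. 10M


def render_pf_queues(subscribers, lan_if="em1", wan_if="em0", link="1G"):
    """Return pf.conf lines: two queues and two rules per subscriber."""
    queues = [
        f"queue dl_root on {lan_if} bandwidth {link} max {link}",
        "queue dl_default parent dl_root bandwidth 1M default",
        f"queue ul_root on {wan_if} bandwidth {link} max {link}",
        "queue ul_default parent ul_root bandwidth 1M default",
    ]
    rules, seen = [], set()
    for sub_id, ip, down, up in subscribers:
        # Validate every field before it is templated into firewall config.
        if not NAME_RE.fullmatch(sub_id):
            raise ValueError(f"bad subscriber id: {sub_id!r}")
        if not (RATE_RE.fullmatch(down) and RATE_RE.fullmatch(up)):
            raise ValueError(f"bad rate for {sub_id}")
        addr = ipaddress.ip_address(ip)  # raises ValueError on junk
        if sub_id in seen or addr in seen:
            raise ValueError(f"duplicate subscriber: {sub_id} {addr}")
        seen.update((sub_id, addr))
        # Download is shaped leaving the LAN side, upload leaving the WAN side.
        queues.append(f"queue dl_{sub_id} parent dl_root bandwidth {down} max {down}")
        queues.append(f"queue ul_{sub_id} parent ul_root bandwidth {up} max {up}")
        rules.append(f"match out on {lan_if} to {addr} set queue dl_{sub_id}")
        rules.append(f"match out on {wan_if} from {addr} set queue ul_{sub_id}")
    return queues + rules  # queue definitions first, then the rules


if __name__ == "__main__":
    print("\n".join(render_pf_queues(SUBSCRIBERS)))
```

Every subscriber adds four lines to the ruleset, so the generated file grows linearly with the subscriber count; check the output with `pfctl -nf` before loading it.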