Why?
I’ve tried to Google this, but it’s such a general statement I can’t find anything about it.
Is it more mature in that regard? Sane/sensible/safe defaults for networking? More tools as part of the distribution for networking?
Did FreeBSD (or it’s predecessor/upstream/whatever) define the standards, so the implementation is more correct?
Or is it just that so many firewall applications run on top of FreeBSD (or a BSD flavour) eg opnSense, pfSense, openWRT (is openWRT actually BSD, idk)?
So, kinda a historical/momentum thing. With the benefits of wide spread specific use
Everything needs good security. Firewall devices only cover a specific, limited portion of the attack surface of machines behind them. One successful browser exploit or attack on an exposed port, and the firewall may as well be a paperweight.
Why?
I’ve tried to Google this, but it’s such a general statement I can’t find anything about it.
Is it more mature in that regard? Sane/sensible/safe defaults for networking? More tools as part of the distribution for networking?
Did FreeBSD (or it’s predecessor/upstream/whatever) define the standards, so the implementation is more correct?
Or is it just that so many firewall applications run on top of FreeBSD (or a BSD flavour) eg opnSense, pfSense, openWRT (is openWRT actually BSD, idk)?
So, kinda a historical/momentum thing. With the benefits of wide spread specific use
OpenBSD is focused on being incredibly secure, and they generally succeed. Firewalls need good security.
Everything needs good security. Firewall devices only cover a specific, limited portion of the attack surface of machines behind them. One successful browser exploit or attack on an exposed port, and the firewall may as well be a paperweight.
True, but it’s hard to get end users to use OpenBSD. It’s really easy to make a firewall based on OpenBSD.