Actually, pfsense kind of has a shitty reputation in the FOSS community and opnSense is preferred.
But I don't like the limitations of BSD systems in terms of hardware compatibility and performance, so I build my router using a plain Linux distro (Debian).
Or openWRT.
The bsd based distributions sure are powerful, but with the power/heat budget to match.
I love me some OpenWRT but updating it has always been a risky chore.
Check out attended sysupgrade
Actually, pfsense kind of has a shitty reputation in the FOSS community and opnSense is preferred.
But I don't like the limitations of BSD systems in terms of hardware compatibility and performance, so I build my router using a plain Linux distro (Debian).
That's the first I've heard of pfsense having a bad reputation, can you explain? (I haven't used it, genuinely want to know)
They also did this: https://web.archive.org/web/20160314132836/http://www.opnsen...
And WIPO had to take the domain away from them: https://en.wikipedia.org/wiki/PfSense#OPNsense
https://arstechnica.com/gadgets/2021/03/buffer-overruns-lice...
wild read.
sounds like the core of the issue was that Netgate hired a weirdo, and then botched how they handled it when the weirdo got -- go figure -- weird.
and it showed how FreeBSD does commits badly and may not have any (or few) code reviews
honestly makes me feel bad about using netgate boxes -- what else needs to be fixed?
Better go OPNsense
The soulutions is iptables.
The solution is nftables.
The solution is bpf.
The solution is emacs-m-x-butterfly-bpf.