Why BSD base. Why not Linux base?

Started by sparticle, November 26, 2022, 02:11:53 PM

November 28, 2022, 07:57:37 AM #30 Last Edit: November 28, 2022, 07:59:22 AM by franco
Quote from: mimugmail on November 27, 2022, 02:11:41 PM
So, you came here and asked OPN to move over to Linux. Did you also ask at IPfire and WRT to be not so clunky anymore? :)

My question as well. If BSD is holding back OPNsense, why and how is Linux holding back its firewall distributions as well as it seems?

Back in 2012 I made the decision to move from Linux/GPL to BSD since I saw too many hurdles for a small company/startup to engage in the open source GPL space... I've seen the "closed source" (a.k.a. commercial) GPL space and it always was close to violating licenses and Ubuntu was a terrible distribution to build a firewall on. I did not want to continue this weird path... nowadays everyone does their own "genius" work on top of DPDK and lack of basic operating system work is the norm.

OTOH, I've met the Astaro founders and worked with one of their sales guys for a long time afterwards. They had pulled off a great GUI on Linux, because of that one graphics guy they had. At some point it was sold to Sophos and now it's not good anymore? Or just too expensive? Michael would be better suited to know what happened...

So in my view BSD with its hands-off licensing made it possible to have longer-running projects which both succeed in open source and commercially. Smaller organic growth that you can see from m0n0wall, pfSense to OPNsense. The BSDs since the 90's are on a similar trajectory.

The notion that "BSD is dead" is a Linux thing maybe trying to divert from the fact that Linux/GPL has fundamental issues that don't exist in the BSD scope.

One last point as an example: IPFire website says "IPFire is free software and developed by an open community and trusted by hundreds of thousands of users from all around the world."

OPNsense has this year reached (in comparison a mere) 150k active installations and here is the Google trends plot:

https://trends.google.com/trends/explore?date=all&q=ipfire,opnsense

pfSense numbers are even better although they seem to have dropped by almost 50% in peak popularity now.

So... if BSD is holding back, why are Linux user interaction numbers a lot lower in comparison? ;)


Cheers,
Franco

I usually stand up Ubuntu-based servers for multi-purpose file sharing and VMs. This is an excellent firewall. It happens to be BSD based. It's a great tool regardless of what it is based on. Given the nature of its function, it works great on its own power-sipping hardware.

Having it on a VM, with other VMs dependent on it, can really stop a show sometimes, unless you have a larger complex system. I happened to be disappointed by other Linux-based firewalls. One thing that really changed my offering was having the ability to create interfaces as desired in a design. The Linux-based ones I tried have the Green, Red, and optional Blue and Orange zones, which are rather limiting.

I'm not super invested on which OS the OPNsense team decides it needs to be on. I'm more interested in the end result.

The only thing I'd love is more options for stable NIC/hardware choices. Completely understand why things are the way they are but the cherry on top would be the confidence, to run this stably, in a majority of hardware configurations.

OPNsense 24.7.7 running on:
Dell Optiplex 3050
Intel I5-7600 @ 3.5Ghz (4 Cores)
Intel I350-T4 Nic
8G DDR4
256G SSD

Quote from: pmhausen on November 26, 2022, 03:58:00 PM
OPNsense's basic architecture is built on the pf packet filter - which is BSD only.
Actually, I've been using pf on macOS as a host-based fw for years (there is a handy app called Murus to configure it) but don't get me started on how utterly unreliable macOS has become to do stuff like this...

Um, macOS is mostly FreeBSD based with a twist. :)

I use the Murus Firewall (Paid) on macOS for PF GUI control...

https://www.murusfirewall.com/

February 27, 2023, 05:18:40 PM #35 Last Edit: March 01, 2023, 05:04:22 PM by LeandroFitzpatrick
Hey there. Time to refresh this thread. I totally get where you're coming from. It's true that Linux has come a long way and can handle a lot of heavy lifting when it comes to routing and networking, but there are some good reasons why OPNsense is built on a BSD base. For starters, BSD has a reputation for being rock-solid and reliable, especially when it comes to networking. It's also a more cohesive system, with a single kernel and userland that work together seamlessly. This can make it easier to maintain and troubleshoot, especially for larger installations. Another thing to consider is that CentOS 7 has recently reached its end-of-life support. Check it out: https://tuxcare.com/extended-lifecycle-support/centos-7-extended-support/. Of course, I'm not saying that OPNsense is the only option out there or that Linux isn't a great choice in many situations. But I do think that there are some good reasons why BSD has been a reliable choice for networking for many years.

BSD is hardly a sinking ship. It may not be the latest, shiny object but BSD is the foundation for quite a few modern applications (PlayStation 5 for example). And the licensing is friendly as well :-)