Port OPNsense to Linux?

[MrWizard]

I saw the new Mono gateway, and while I like it, it also points to a deeper underlying issue with OPNsense. It trades high network performance of BSD kernel for poor quality drivers and hardware support, which, from my limited point always seems to be behind Linux, and more ppl today are familiar with Linux, unlike BSD. I saw on the openSUSE fora that some use it to route & firewall big internet connections for companies, so it's not unheard of. BSD drivers and hardware support will always be an issue for OPNsense, as few hardwarecompanies want to invest in it, due to its few users. Linux, while imperfect, but due to its larger userbase which is growing, also see better support from hardware vendors and a bigger team working on it. That goes from NIs and CPUs, especially. 
I do understand that the lure of BSD is the routing efficiency of its kernel and low sys footprint. Now, could Linus Torvalds & the Linux kernel team be convinced to increase the routing efficiency of the Linux kernel, if it is possible, and work with the OPNsense guys and girls to do it?
If the above is correct, it cost little to at least start a dialogue with him/them about it.

[Monviech (Cedrik)]

The entirety of pf(5) does not exist on linux.

Linux has some things, BSD has other things. Its always a tradeoff.

By extension it would be better to look into OpenWRT or Vyos for open source linux based projects, since they natively wrap around wht linux offers.

OPNsense is heavily based around a lot of FreeBSD ecosystem requirements like PF.

[bimbar]

With the background of the various freebsd controversies, this does not seem like such a far fetched idea as it did years ago.

[OPNenthu]

Nothing's perfect but Linux gives me an uneasy feeling with all the different directions it's going in and how fast it's moving.

[Patrick M. Hausen]

With the background of the various freebsd controversies, this does not seem like such a far fetched idea as it did years ago.

Porting is entirely impossible. The core foundation of OPNsense does not exist on Linux.

Feel free to build an entirely different firewall product based on Linux. But then why do that and not just switch from OPNsense to e.g. IPfire?

[pfry]

The entirety of pf(5) does not exist on linux.[...]

I would have gone for an abstraction layer. But then, I'd still be working on it instead of having a working product for 10 years. Reality intervenes.

[Monviech (Cedrik)]

Let's vibe code it with autonomous agents and Claude in 2 days and then fix it for 20 years. xD

[nero355]

With the background of the various freebsd controversies, this does not seem like such a far fetched idea as it did years ago.

Such as ?! o.O

/EDIT :

https://forum.opnsense.org/index.php?topic=50102.0
https://lists.freebsd.org/archives/freebsd-hackers/2025-December/005383.html

Ahh... well if that is all then @bimbar could have just said that...

But Linux has that kind of issues too : SystemD anyone ?! ;)

[Patrick M. Hausen]

Such as ?! o.O

https://forum.opnsense.org/index.php?topic=50102.0
https://lists.freebsd.org/archives/freebsd-hackers/2025-December/005383.html

[pfry]

Nothing's perfect but Linux gives me an uneasy feeling with all the different directions it's going in and how fast it's moving.

Time to revisit GNU Hurd? OpenBSD? OpenIndiana? NetBSD? Haiku? Resurrect open-source QNX?

I agree, though. I spend a lot of time configuring my servers, and I want to avoid having the rug pulled out from under me. As Windows and Fedora do constantly. Or Debian's SystemD intro. Or Spengler closing GRSecurity. Bleh.

[...]I saw on the openSUSE fora[...]

Rumor has it SUSE's up for sale again. Which makes me wonder what SAP is up to. Oh well.

[Greg_E]

OpenIndiana or IllumOS might be interesting, too bad Apple stopped making their BSD flavor available (Darwin).

I'd agree that a Linux version would be nice to have, but the lift to get there is just monumental without a serious influx of very larger amounts of cash money to hire a team to make it happen. And if that happens, let me make people mad, I'd put it on openSuse Leap Micro.

[Patrick M. Hausen]

Again: why not simply use an existing Linux based firewall product like IPfire?

The concepts of the core packet filter, routing, and virtual network components in FreeBSD vs. Linux are so fundamentally different that it's not a matter of heavy lifting. IMHO it plain does not make sense.

[pfry]

Again: why not simply use an existing Linux based firewall product like IPfire?[...]

Heh: Did they ever fix their one-VLAN limitation?

It's too bad Vyatta was sold so many times. A victim of endless management musical chairs. DANOS was kind of interesting. I imagine Ciena will dump it if AT&T and IBM stop paying for it.

[MrWizard]

Since Apple is not contributing much to BSD, then most of the lifting has to be done by volunteers, but as Linux is more widely used, thats likely also where many go to help out.


@Patrick

Can the functions be added to Linux's kernel, and would it make sense, if someone was to convince Linus about the importance of it?

[nero355]

Heh: Did they ever fix their one-VLAN limitation?

When I see all of this : https://www.ipfire.org/about

It sounds like a Licensing thing that you are talking about and not a limitation inside the underlying Linux distro ??

Also I know people who simply grabbed a Minimal Debian install and built their own DIY Router on top of that with IPTables/NFTables and some SystemD Networking Services ;)