Port OPNsense to Linux?

Started by MrWizard, March 30, 2026, 11:40:27 AM

Quote from: meyergru on April 02, 2026, 01:21:44 PM
What COULD be done is to invent a new firewall from scratch with Linux underneath, aiming exactly at prosumer users, who want more security or features than what an average consumer router (like a Fritzbox) offers, but with less complexity (at the expense of overwhelming features) than OpnSense.
There is so much already out there so what do you need exactly that they cannot offer ?!

IPTables/NFTables/UFW/etc...

Quote
AVM's Fritzbox
I hate those things! :(

I know ISPs in Germany have flooded the country with them and some Dutch ISPs use them too, but still : Can we please get rid of those things ?!?!

Quote from: OPNenthu on April 02, 2026, 04:00:30 PM
Quote from: Monviech (Cedrik) on April 02, 2026, 03:13:00 PM
It is, but not with your puny home N100 hardware et al.
Size-shaming us now, eh? 😂
IKR ?! LOL! ^_^

Quote
Quote from: MrWizard on April 02, 2026, 03:19:08 PM
This is a deeper change away from Windows and proprietary software, which is likely to spread.
I don't know where it's all headed because we have problems at every level and it's very sad that issues of mass surveillance, censorship, and digital sovereignty aren't even the most pressing.  That's just where we techies like to focus.
Your main problem is TCPA/Palladium but since everyone has discovered that at least 20 years too late after the release of Windows 11 there is a very low chance that we can go back to a world where things like TPM chips and DRM do not exist anymore... :'(

Quote from: Monviech (Cedrik) on April 02, 2026, 04:08:21 PM
And in these environments, admins who know the likes of Juniper, also know about BSD like systems (Junos is FreeBSD based, just as an example).
Sorry to disappoint you, but my experience agrees with his :
Quote from: bimbar on April 02, 2026, 04:27:01 PM
Having worked in those circles for 15 years, I doubt a junos admin knows BSD.
I had to save a customer's life basically after he had been awake for 3 days and totally stressed because his racks lost connection and his Juniper/HP/CISCO Switches were no longer talking to one another...

Fixed it in like one hour and could have done it even faster if his CISCO Switch wasn't a glorified LinkSys model with a horribly slow webGUI :P

Suddenly I was his favorite contact at the hosting company... I wonder why ?! LOL !!!

Quote
So, to summarize, I doubt they'll go FOSS for the networking stuff.
There is Jolla SailFish for phones :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Quote from: nero355 on April 02, 2026, 05:15:44 PM
There is so much already out there so what do you need exactly that they cannot offer ?!

They could offer a decent UI with more limited features, but aimed at what most clueless people who come in here think a firewall should do. There are countless examples of voicing that, the last of which was this one.

That is: Not 3 different DHCP services, 4 different DNS servers, loose coupling between MAC / IP and DNS names that must be consolidated manually over the configuration of two services, not even counting the associated firewall rules.

It is very hard to down-size an existing appliance like OpnSense that has grown over the years and adapted many tools and plugins. The decline of FreeBSD poses a chance to start from scratch, with a specific clientele in mind.

What the Fritzbox does not is better in the direction of simplicity, but worse in the way of flexibility, e.g. you cannot have DNS aliases, making the use of name-based reverse proxies or having several services on one IP very difficult. Also, it lacks something like Adguard Home or Pi-Hole.

While IPfire and other Linux-based firewalls may have the correct feature-set, they suck even more on the "complexity" side for such users than OpnSense.

P.S.: To be clear: I like OpnSense for what it is. But, as I often said, it is not suited for the average Joe who does want "a little bit more" than what consumer routers offer. There are more of those these days with IoT and homelabbing. Such users just want the benefits, but are unable or unwilling to grasp the underlying concepts and need a stringent UI, which OpnSense does not offer.

So, this is a growing market that is neither met by Fritzboxes, IPfire, OpenWRT, OpnSense and all the others. Yet, I think that despite there being a lot of people who would love to have it, they are also the same people who do not want to pay for that luxury.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 450 up, Bufferbloat A+