Hacker News

I keep switching things around. Virtualization comes with its own limits but is a fast way to prototype things like 'how hard is it to get IPv6 PDUs working in this new OS?'

pfSense is OK, but CE went a year without an update while they worked on other branches. Most recently their switch to Kea DHCP broke some minor things like mapping static DHCP addresses to DNS entries. I believe that's fixed now, but I need to confirm you can also still specify a DHCP option, which some network devices need.

OPNsense is also decent and has the advantage of a regular update cadence, but I believe the UI is less newbie-friendly. Fedora has the advantage of a UI to let you quickly review firewall rules, although the CLI is perfectly workable once you get the syntax down.

Honestly I like OpenBSD's pf too but it couldn't keep up with a one gigabit network connection on your typical AliExpress firewall appliance, and I couldn't get it there virtually on an HP 360 Gen 8 or Gen 9 with decent Xeon CPUs and network cards. Probably a limitation of the network drivers for the network cards emulated by ESXi. I resisted being nerd sniped by that because my wife needs reliable Internet so there was no time to putter.

What are you using that lets OpenBSD achieve better than gigabit speeds?

tl;dr: For now I'm using pfSense because I have a friend I supply with tech support and he uses whatever I use and it's safe for him to play around in pfSense on his own.




I have a Ryzen with an Intel X520 NIC and it handles gigabit easily. I plan to try 10 Gbit, but my switches are not there yet; I am upgrading now.



