> Short introduction in order:
>
> See, we use FreeBSD at work for our firewall boxes, running:
> - PF + CARP + PFsync
> - nagios-nrpe
> - munin-node
> - bacula client
>
> and either
> - nginx and/or haproxy
> - relayd
>
> These boxes serve as frontend firewalls for all our projects/products,
> including a few high traffic ones.
>
> For example our most traffic intense project has 4 firewalls, 2 each on
> 2 different datacenters, sharing 4 CARP IPs with automagic failover.
>
> These firewalls total ~200mb/s, serving only minifi'ed javascript pages.
> In the current state of things, I have *absolutely* no wish to run it in
> production :(
>
> I'd love to hear feedback.

This is really a bad example and we shouldn't jump into the .0 releases comparison. Firewalls are supposed to be super stable. The last thing you need in a firewall is trying to troubleshoot OS related issues. Most major brands use well patched long tested OS to build their firewall software. So, no you shouldn't jump to 9 before it has been thoroughly tested.

That doesn't mean of course that you should let others do the testing for you. If you plan on moving your environment to 9 at some point in the future then you have to start your own testing now.

Best Regards,

--
George Kontostanos
Aicom telecoms ltd
http://www.aisecure.net