Depends what you want to do exactly, I suppose... Personally I use Linux-based firewalls for many of my sites purely because the clients in question want deep packet inspection (aka OSI layer 7 filtering) done on the network traffic. But that said, they are always the second-skin firewalls, sitting behind PF firewalls, filtering outbound traffic while the OpenBSD/FreeBSD boxen filter inbound traffic.
That's just my 5c worth, and I've always been of the opinion that at least two different skins of firewalls should be deployed, built on top of different technologies. Makes life a lot harder for whomever you want to keep out.

"Opportunity is most often missed by people because it is dressed in overalls and looks like work."
Thomas Alva Edison
Inventor of 1093 patents, including: The light bulb, phonogram and motion pictures.

On Wed, Sep 22, 2010 at 9:29 PM, Rikky Taylor <rikkytay...@hotmail.co.uk> wrote:

> I was after some general advice. I need to set up a routing firewall with 3
> interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
>
> Given identical modern server hardware, would I expect a performance
> difference between an OpenBSD/PF setup and a Linux/IPTables one?
>
> Rikky