Hypervisor on the metal vs running a network/firewall OS on metal (pf/opn/openwrt/etc):
  • isolate/compartmentalize functionality within a VM (e.g. run IDS and routing in a different instance context)
  • rip out and replace the core firewall / routing functionality (don't like pf, switch to opn VM, etc).
  • VM images are portable between devices + easier maintenance and upgrades
disadvantages:
  • performance hit due to virtualization
Very helpful. Thanks.
I'd add that https://vyos.io/ is another open source alternative firewall OS that implements the Cisco configuration language, if that's your thing.
I tend to prefer Linux firewalls over BSD-based ones, but that's generally a preference in features over simplicity.
A hypervisor lets you try them all with minimal effort in swapping them out.