FreeBSD9 and the sheer number of problem reports

George Kontostanos gkontos.mail at
Fri Feb 24 00:16:01 UTC 2012

> Short introduction in order:
> See, we use FreeBSD at work for our firewall boxes, running:
> - PF + CARP + PFsync
> - nagios-nrpe
> - munin-node
> - bacula client
> and either
> - nginx and/or haproxy
> - relayd
> These boxes serve as frontend firewalls for all our projects/products,
> including a few high traffic ones.
> For example our most traffic intense project has 4 firewalls, 2 each on
> 2 different datacenters, sharing 4 CARP IPs with automagic failover.
> These firewalls total ~200mb/s , serving only minifi'ed javascript pages.

> In the current state of things, I have *absolutely* no wish to run it in
> production :(
> I'd love to hear feedback.

This is really a bad example and we shouldn't jump into the .0
releases comparison.

Firewalls are supposed to be super stable. The last thing you need in
a firewall is trying to troubleshoot OS related issues.

Most major brands use well patched long tested OS to build their
firewall software.
So, no you shouldn't jump to 9 before it has been thoroughly tested.
That doesn't mean of course that you should let others do the testing
for you. If you plan on moving your environment to 9 at some point in
the future then you have to start your own testing now.

Best Regards,

George Kontostanos
Aicom telecoms ltd

More information about the freebsd-stable mailing list